oss-sec mailing list archives
Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 21 Oct 2013 14:18:21 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/20/2013 10:54 PM, Sitaram Chamarty wrote:
Announcement: https://groups.google.com/forum/#!topic/gitolite/Tu1sjaf7A4A/discussion Code change: https://github.com/sitaramc/gitolite/commit/3dad4f8e3214d6ab5f71823019a624fa48b055a3
(or)
http://code.google.com/p/gitolite/source/detail?r=3dad4f8e3214d6ab5f71823019a624fa48b055a3# Brief description (main points of announcement): Fresh installs between fa06a34 (approx Sep 3rd) and v3.5.3, inclusive, create a few world writable files. Sites which installed before that date are not affected, even if they subsequently upgraded to the faulty commit or beyond. Affected sites need to run a one-time 'chmod -R' to fix.
Please use CVE-2013-4451 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSZYwMAAoJEBYNRVNeJnmTykwQANeDVBkzMykOucoXevV3pd99 YQS6Agd7sF+zgkVkq6YdYperQX2MlXgo7kFwIsGazxpRRswk4i4prpD9CATYwg5V XdCf5i3DFr1mQ/hPnFoD59f354gLK7CBK/BfkUnURFoA/TSVH3R8RuTWsfQ6wIGl pgVp5X+9WiBZazsSFiEM8fCuCgBGY34RBucLhJL45guZE05mJb06fyaLK2dOYLgz neHHiClmeBmb85Vgjy7anCNnOpgkm6h8wsW5DZOd+9hlchoZiv6dc9Jc04tUpS7f /AX+w/TWonIDfy9PtyIons4xt4rvs+G5le2xSIAsRxM9HkAANLcsm/HAWTcM1I3m Z61KOe2Visi/5Yh3C7lW+MQBS5SmjEkX5N5VhLI3UIg3BPVpTfZTVNScIkYcOZm3 gmW+uS/5BmSugooA6Clnh79Q7gIuVY6aFPchy8S5VGDjVSnw+Cbbvjy0kfoUaH8m 4CKA+nPfkHqoSxGaNOSSCOt89gHIOZ3ZYOvD3qBwbMASPnIAf7xZ34XfimOP3ryl EYysT4PIM3gk55Ksl+4NLs/mkZ1m36FEzE3NaIQlAx3uwa9qqD7QiugSWv4Tp6Oy TksAcQZKU7D5BnYxiSAIC1tbmMmSAnp0dNo8F8HoSbyOa15MLqt/53FXNv664mD2 hQX/wBlo8ZJi6mrc6W64 =jdn1 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: gitolite world writable files for fresh installs of v3.5.3 Sitaram Chamarty (Oct 20)
- Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3 Kurt Seifried (Oct 21)
- Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3 Salvatore Bonaccorso (Dec 23)
- Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3 cve-assign (Dec 23)
- Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3 Salvatore Bonaccorso (Dec 23)
- Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3 Kurt Seifried (Oct 21)