drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in cgit
Name: |
Denial of Service in cgit |
|
ID: |
FEDORA-2011-2790 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 15 |
|
Datum: |
Mi, 16. März 2011, 07:04 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1027 |
|
Applikationen: |
cgit |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-2790 2011-03-07 01:29:08 ------------------------------------------------------------------------------- -
Name : cgit Product : Fedora 15 Version : 0.9 Release : 1.fc15 URL : http://hjemli.net/git/cgit/ Summary : A fast web interface for git Description : Cgit is a fast web interface for git. It uses caching to increase performance.
------------------------------------------------------------------------------- - Update Information:
In addition to closing a DOS vulnerability (thanks to Jim Meyering), this upstream feature release adds the following enhancements:
* Support for side-by-side diffs * Support for repo content in "about" view * Improved integration with gitolite/gitweb * Support for git notes in commit/log view * Support for graph in log view (similar to 'git log --graph') * Improved handling/display of path filters * Clients can modify diff view parameters * Support for directory listings in plain view * Support for remote branches * Support for range searches in log view (like 'git log master ^stable) * Support for expansion of environment vars in certain cgitrc options, which can simplify virtual hosting
The release announcement has a more complete changelog:
http://article.gmane.org/gmane.comp.version-control.git/168496
------------------------------------------------------------------------------- - References:
[ 1 ] Bug #680905 - CVE-2011-1027 cgit: invalid hex escape (e.g., %GG) in query triggers infinite loop https://bugzilla.redhat.com/show_bug.cgi?id=680905 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update cgit' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|