Date: Thu, 15 Jan 2009 20:54:16 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Cc: coley@...us.mitre.org Subject: CVE request -- git Hi Steve, could you please assign a CVE for this bug: | Current gitweb has a possible local privilege escalation bug that allows a | malicious repository owner to run a command of his choice by specifying | diff.external configuration variable in his repository and running a | crafted gitweb query. | | [...] Maintenance release v126.96.36.199, v188.8.131.52, v184.108.40.206 and v220.127.116.11 | are already available at k.org (see the announcement for v18.104.22.168 I | sent out a few minutes ago), and the master branch and others pushed | out tonight have the same fix. [...] <http://marc.info/?l=git&m=122975564100860&w=2> It's from 2008, so maybe it should get a 2008 number. Thanks, Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ