Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 09 Oct 2012 22:48:55 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Eitan Adler <lists@...anadler.com>
Subject: Re: CVE Request: gitolite path traversal vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/09/2012 09:45 PM, Eitan Adler wrote:
> Announcement: 
> https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion
>
>  Code change: 
> https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2

Please
> 
use CVE-2012-4506 for this issue.

> Hope I did this right ;)

Yup, only thing better would have been to mention the previous
gitolite CVE (from April 2011) which is different than this (similar
but different =).

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQdP40AAoJEBYNRVNeJnmTiKMQAJD4nyKyxX47GWVbrpmv9yRh
GubQfh4hSPgwCGsWtpw2omON14YHWEWOASdYNSsFs7RXfRVJSsESC0ZSsQVC7y0l
/JJUIS3Ilv6ih8dcKnyP48/Zpu/gDPOXHoMw7g6Bc5TiXB5NWj8uQCfdMptXB2Fd
eUk3WfFEBbubZGlmT31589O4pzIFvz5dtrlOnb30HASeHuOCNZdbYN7Ok7/XKIvM
zgivnqkDbVYDMNhF3qpdQuNau443V7b8FlcjyoYvEqne688RY8U05NEy3/i1fHUI
1W7qxlgEbtcRPBPkEE9XkQMvAuNBeuMRfAiqLbGr7Q360LRcxnvGUd+OtRogJzuA
3DLNMuETvgwTWO7KPwPu4y1CCGyK8VUeuQMmtbNZx1S5rBeIhr/QwqPKEplm+Uka
SSHmdo09YtdV/JIRRM7xsLfSUXIFER8LWchZaGAWg3rvwRtxYTZC0seU+MzSJ58q
+2KVBJpuV3C1DVPlLpjbql8N1emQ5G52cKAI4Fj9Hzdjz/qcUdPVQmN6BnDJ46sY
jDetuTK5J1M6OiqaNsCDnMMF0gBoN4KQgyNGGbMGedBi2fGqBVgyABE0DVHuX86C
gWFO0eaHXwavV9uGWkMx+w89JIHuns8VkgtC3BRJmbXM0Pqy9Gz+CJJVyD/kcDxB
uCf/vwE0iCqyVJU70EJp
=nzck
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.