Date: Thu, 15 Jan 2009 20:54:16 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Cc: coley@...us.mitre.org Subject: CVE request -- git Hi Steve, could you please assign a CVE for this bug: | Current gitweb has a possible local privilege escalation bug that allows a | malicious repository owner to run a command of his choice by specifying | diff.external configuration variable in his repository and running a | crafted gitweb query. | | [...] Maintenance release v220.127.116.11, v18.104.22.168, v22.214.171.124 and v126.96.36.199 | are already available at k.org (see the announcement for v188.8.131.52 I | sent out a few minutes ago), and the master branch and others pushed | out tonight have the same fix. [...] <http://marc.info/?l=git&m=122975564100860&w=2> It's from 2008, so maybe it should get a 2008 number. Thanks, Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.