Bug 24843 - cgit new DoS security issue
Summary: cgit new DoS security issue
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-20 04:06 CEST by David Walser
Modified: 2019-06-21 02:50 CEST (History)
1 user (show)

See Also:
Source RPM: cgit-1.2.1-3.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2019-05-20 04:06:21 CEST
A security issue was reported in cgit, with an upstream response here:
https://www.openwall.com/lists/oss-security/2019/05/19/3

It says to expect a patch tomorrow.
Comment 1 Thomas Backlund 2019-05-20 23:10:26 CEST
Fixed in Cauldron in cgit 1.2.1-4


Packages for Mga6:

SRPMS:
cgit-0.12-3.2.mga6.src.rpm

i586:
cgit-0.12-3.2.mga6.i586.rpm

x86_64:
cgit-0.12-3.2.mga6.x86_64.rpm




the fixed package is also installed on Mageia gitweb host

Assignee: bugsquad => qa-bugs
Version: Cauldron => 6
CC: (none) => tmb

Thomas Backlund 2019-06-21 02:50:29 CEST

Whiteboard: (none) => MGA6-64-OK


Note You need to log in before you can comment on or make changes to this bug.