A security issue was reported in cgit, with an upstream response here: https://www.openwall.com/lists/oss-security/2019/05/19/3 It says to expect a patch tomorrow.
Fixed in Cauldron in cgit 1.2.1-4 Packages for Mga6: SRPMS: cgit-0.12-3.2.mga6.src.rpm i586: cgit-0.12-3.2.mga6.i586.rpm x86_64: cgit-0.12-3.2.mga6.x86_64.rpm the fixed package is also installed on Mageia gitweb host
CC: (none) => tmbVersion: Cauldron => 6Assignee: bugsquad => qa-bugs
Whiteboard: (none) => MGA6-64-OK
Validating since its been running for over a month on Mageia infra. Advisory: type: security subject: Updated cgit packages fix security vulnerability src: 6: core: - cgit-0.12-3.2.mga6 description: | A specially crafted URL in can potentially cause cgit to excessively use CPU and network resources, resulting in a Denial-of-Service. This update resolves that issue references: - https://bugs.mageia.org/show_bug.cgi?id=24843
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0203.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED