Hello community, here is the log from the commit of package git for openSUSE:11.4 checked in at Wed Aug 10 12:11:22 CEST 2011.
-------- --- old-versions/11.4/UPDATES/all/git/cgit.changes 2010-12-17 17:53:01.000000000 +0100 +++ /mounts/work_src_done/11.4/git/cgit.changes 2011-08-05 15:19:28.000000000 +0200 @@ -1,0 +2,6 @@ +Fri Aug 5 15:18:48 CEST 2011 - [email protected] + +- Fix VUL-0: cgit: XSS flaw in rename hint (CVE-2011-2711, + bnc#707929) + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- cgit-CVE-2011-2711-fix.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cgit.spec ++++++ --- /var/tmp/diff_new_pack.3IfgxR/_old 2011-08-10 12:10:59.000000000 +0200 +++ /var/tmp/diff_new_pack.3IfgxR/_new 2011-08-10 12:10:59.000000000 +0200 @@ -32,6 +32,7 @@ Source2: cgitrc Patch0: cgit-link-fixes.diff Patch1: cgit_fix_stringlist.patch +Patch2: cgit-CVE-2011-2711-fix.diff # Requirements for cgit BuildRequires: git >= 1.7.1 BuildRequires: gnu-crypto libopenssl-devel libzip-devel @@ -54,6 +55,7 @@ mv git-%{git_version} git %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build make ++++++ git.spec ++++++ --- /var/tmp/diff_new_pack.3IfgxR/_old 2011-08-10 12:10:59.000000000 +0200 +++ /var/tmp/diff_new_pack.3IfgxR/_new 2011-08-10 12:10:59.000000000 +0200 @@ -39,7 +39,7 @@ BuildRequires: python BuildRequires: perl-Error Version: 1.7.3.4 -Release: 4.<RELEASE5> +Release: 4.<RELEASE7> Summary: Fast, scalable, distributed revision control system License: GPLv2+ Group: Development/Tools/Version Control ++++++ cgit-CVE-2011-2711-fix.diff ++++++ >From bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer <[email protected]> Date: Fri, 22 Jul 2011 11:47:19 +0000 Subject: Fix potential XSS vulnerability in rename hint The file name displayed in the rename hint should be escaped to avoid XSS. Note that this vulnerability is only applicable when an attacker has gained push access to the repository. Signed-off-by: Lukas Fleischer <[email protected]> Signed-off-by: Lars Hjemli <[email protected]> --- --- ui-diff.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/ui-diff.c +++ b/ui-diff.c @@ -84,10 +84,12 @@ htmlf("</td><td class='%s'>", class); cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1, ctx.qry.sha2, info->new_path); - if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) - htmlf(" (%s from %s)", - info->status == DIFF_STATUS_COPIED ? "copied" : "renamed", - info->old_path); + if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) { + htmlf(" (%s from ", + info->status == DIFF_STATUS_COPIED ? "copied" : "renamed"); + html_txt(info->old_path); + html(")"); + } html("</td><td class='right'>"); if (info->binary) { htmlf("bin</td><td class='graph'>%d -> %d bytes", ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
