This bug was fixed in the package cgit - 1.1+git2.10.2-3ubuntu0.1

---------------
cgit (1.1+git2.10.2-3ubuntu0.1) bionic-security; urgency=high

  * SECURITY UPDATE: Directory traversal vulnerability.
    - d/p/clone-fix-directory-traversal.patch: This fixes a directory
      traversal vulnerability in CGit before 1.2.1 when
      `enable-http-clone=1` is not turned off, as demonstrated by a
      cgit/cgit.cgi/git/objects/?path=../ request.
    - CVE-2018-14912 (LP: #1787021)

 -- Unit 193 <unit...@ubuntu.com>  Tue, 14 Aug 2018 15:57:15 -0400

** Changed in: cgit (Ubuntu Bionic)
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1787021

Title:
  Directory traversal vulnerability

Status in cgit package in Ubuntu:
  Fix Released
Status in cgit source package in Xenial:
  New
Status in cgit source package in Bionic:
  Fix Released

Bug description:
  Howdy,

  The CVE says: "cgit_clone_objects in CGit before 1.2.1 has a directory
  traversal vulnerability when `enable-http-clone=1` is not turned off,
  as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request."

  This has been fixed upstream with
  https://git.zx2c4.com/cgit/commit/?id=53efaf30b50f095cad8c160488c74bba3e3b2680

  This was fixed in Debian unstable:
  https://tracker.debian.org/news/979737/accepted-cgit-11git2102-31-source-into-unstable/
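
The class of check that closes this kind of traversal, as an added example (not cgit's code and not the Ubuntu patch): a strict allowlist applied to the client-supplied `path` before it is joined to the repository's objects directory. The function names, the 255-byte limit and the sample directory are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: may this client-supplied path be appended to
 * <repo>/objects/ ? Strict allowlist: non-empty, relative, only
 * [A-Za-z0-9/.-], no ".." anywhere, no empty or trailing component. */
bool object_path_is_safe(const char *path)
{
	const char *p;

	if (path == NULL || *path == '\0' || *path == '/')
		return false;		/* missing, empty or absolute */
	if (strlen(path) > 255)
		return false;		/* assumed length limit */
	for (p = path; *p; ++p) {
		if (p[0] == '.' && p[1] == '.')
			return false;	/* parent-directory reference */
		if (p[0] == '/' && (p[1] == '/' || p[1] == '\0'))
			return false;	/* empty or trailing component */
		if (!isalnum((unsigned char)*p) &&
		    *p != '/' && *p != '.' && *p != '-')
			return false;	/* backslash, '%', control bytes, ... */
	}
	return true;
}

/* Write "<objects_dir>/<path>" into out only if the path validates.
 * Returns 0 on success, -1 if rejected or if out is too small. */
int build_object_path(char *out, size_t outlen,
		      const char *objects_dir, const char *path)
{
	int n;

	if (!object_path_is_safe(path))
		return -1;
	n = snprintf(out, outlen, "%s/%s", objects_dir, path);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
	/* Constructed sample inputs: two legitimate object paths, two rejected. */
	const char *s[] = { "info/packs", "ab/0123456789abcdef", "../", "pack//x" };
	for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
		printf("%-22s %s\n", s[i], object_path_is_safe(s[i]) ? "ok" : "rejected");
	return 0;
}
```

Rejecting any ".." pair also refuses harmless names such as "a..b"; for object and pack file names that trade-off costs nothing.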