___
CGit mailing list
CGit@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/cgit
___
CGit mailing list
CGit@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/cgit
___
CGit mailing list
CGit@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/cgit
___
CGit mailing list
CGit@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/cgit
On Fri, Aug 3, 2018 at 5:12 PM Jason A. Donenfeld wrote:
> * A fix for a critical directory traversal vulnerability, when
> `enable-http-clone=1` is not turned off, discovered by Jann Horn.
> This is pretty nasty and all users must update immediately.
This has been assigned CVE-2018-14912.
On Fri, Aug 3, 2018 at 7:06 PM Todd Zullinger wrote:
> Yikes, thanks for the heads-up! Do you know if there is a
> CVE assigned for this issue yet?
I've requested one.
> It sounds like it affects
> all releases from 0.8 through 1.2, right?
Yes.
___
Hi Jason,
Jason A. Donenfeld wrote:
> Hi folks,
>
> CGit 1.2.1 is now available. It contains an important security fix and
> everybody should update immediately.
Yikes, thanks for the heads-up! Do you know if there is a
CVE assigned for this issue yet? It sounds like it affects
all releases
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi folks,
CGit 1.2.1 is now available. It contains an important security fix and
everybody should update immediately.
== CGit on the Web ==
* homepage: https://git.zx2c4.com/cgit/about/
* git repository: https://git.zx2c4.com/cgit/
* git clone: