Re: [ANNOUNCE] CGIT v1.2.1 Released
On Fri, Aug 3, 2018 at 5:12 PM Jason A. Donenfeld wrote:
> * A fix for a critical directory traversal vulnerability, when
> `enable-http-clone=1` is not turned off, discovered by Jann Horn.
> This is pretty nasty and all users must update immediately.

This has been assigned CVE-2018-14912.

___
CGit mailing list
CGit@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/cgit

Re: [ANNOUNCE] CGIT v1.2.1 Released
On Fri, Aug 3, 2018 at 7:06 PM Todd Zullinger wrote:
> Yikes, thanks for the heads-up! Do you know if there is a
> CVE assigned for this issue yet?

I've requested one.

> It sounds like it affects
> all releases from 0.8 through 1.2, right?

Yes.

Re: [ANNOUNCE] CGIT v1.2.1 Released
Hi Jason,

Jason A. Donenfeld wrote:
> Hi folks,
>
> CGit 1.2.1 is now available. It contains an important security fix and
> everybody should update immediately.

Yikes, thanks for the heads-up! Do you know if there is a
CVE assigned for this issue yet? It sounds like it affects
all releases from 0.8 through 1.2, right?

Thanks,

-- 
Todd
~~
The power of accurate observation is frequently called cynicism by
those who don't have it.
    -- George Bernard Shaw