*** This bug is a security vulnerability ***

Public security bug reported:

Howdy,

The CVE says: "cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request."

This has been fixed upstream with
https://git.zx2c4.com/cgit/commit/?id=53efaf30b50f095cad8c160488c74bba3e3b2680

This was fixed in Debian unstable:
https://tracker.debian.org/news/979737/accepted-cgit-11git2102-31-source-into-unstable/

** Affects: cgit (Ubuntu)
     Importance: Undecided
         Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14912

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1787021

Title:
  Directory traversal vulnerability
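
The kind of check this class of bug calls for, as an added example (not part of the bug report and not cgit's own code): a client-supplied `path` is validated component by component before it is joined to a repository's objects directory. The function names, the directory and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if `path` is a non-empty relative path with no ".." component. */
static int path_is_contained(const char *path)
{
	const char *p = path;

	if (!path || !*path || *path == '/')
		return 0;
	while (*p) {
		const char *end = strchr(p, '/');
		size_t len = end ? (size_t)(end - p) : strlen(p);

		/* Compare whole components, so a name like "..cdef" is not rejected. */
		if (len == 2 && p[0] == '.' && p[1] == '.')
			return 0;
		p += len;
		if (*p == '/')
			p++;
	}
	return 1;
}

/* Write "<objects_dir>/<path>" to out; 0 on success, -1 if rejected or truncated. */
static int build_object_path(char *out, size_t outlen,
			     const char *objects_dir, const char *path)
{
	int n;

	if (!path_is_contained(path))
		return -1;
	n = snprintf(out, outlen, "%s/%s", objects_dir, path);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
	/* Constructed sample inputs; the directory is a hypothetical location. */
	const char *samples[] = { "info/packs", "../", "pack/../../config",
				  "/absolute", "ab/..cdef" };
	char buf[256];
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int rc = build_object_path(buf, sizeof(buf),
					   "/srv/git/repo.git/objects", samples[i]);
		printf("%-20s -> %s\n", samples[i], rc == 0 ? buf : "rejected");
	}
	return 0;
}
```

This check is lexical only: it does not resolve symlinks inside the served directory.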