[Bug 1787021] Re: Directory traversal vulnerability

Launchpad Bug Tracker Thu, 16 Aug 2018 11:31:16 -0700

This bug was fixed in the package cgit - 1.1+git2.10.2-3ubuntu0.1

---------------
cgit (1.1+git2.10.2-3ubuntu0.1) bionic-security; urgency=high


  * SECURITY UPDATE: Directory traversal vulnerability.
    - d/p/clone-fix-directory-traversal.patch:
      This fixes a directory traversal vulnerability in CGit
      before 1.2.1 when `enable-http-clone=1` is not turned off,
      as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
    - CVE-2018-14912 (LP: #1787021)

 -- Unit 193 <[email protected]>  Tue, 14 Aug 2018 15:57:15 -0400

** Changed in: cgit (Ubuntu Bionic)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1787021

Title:
  Directory traversal vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgit/+bug/1787021/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1787021] Re: Directory traversal vulnerability

Reply via email to