- Committer: Package Import Robot
- Author(s): Marc Deslauriers
- Date: 2009-02-13 09:32:33 UTC
- Revision ID: package-import@ubuntu.com-20090213093233-0poc4bbrybm7490s
- Tags: 1:1.5.2.5-2ubuntu0.1

  * SECURITY UPDATE: arbitrary code execution via long PATH in diff_addremove
    and diff_change (LP: #248750)
    - debian/diff/0007-SECURITY-CVE-2008-3546.diff: safely build the full path.
    - CVE-2008-3546
  * SECURITY UPDATE: arbitrary command execution via shell metacharacters
    related to git_search in gitweb (LP: #317052)
    - debian/diff/0006-CVE-2008-5516.diff: use git-log instead of git-rev-list |
      git-diff-tree for pickaxe search in gitweb/gitweb.perl.
    - CVE-2008-5516
  * SECURITY UPDATE: arbitrary command execution via shell metacharacters
    related to git_snapshot and git_object in gitweb (LP: #317052)
    - debian/diff/0007-CVE-2008-5517.diff: quote the given arguments before
      passing them to the shell in gitweb/gitweb.perl.
    - CVE-2008-5517