~ubuntu-branches/ubuntu/hardy/git-core/hardy-updates

Viewing all changes in revision 41.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers, David Leadbeater, Marc Deslauriers
  • Date: 2009-02-12 15:49:08 UTC
  • Revision ID: package-import@ubuntu.com-20090212154908-5anemwq4dlgcipgn
Tags: 1:1.5.4.3-1ubuntu2.1
[ David Leadbeater ]
* SECURITY UPDATE: Fix remote code execution in gitweb (LP: #317052)
  - CVE-2008-5516: http://repo.or.cz/w/git.git?a=commitdiff;h=c582abae
  - CVE-2008-5517: http://repo.or.cz/w/git.git?a=commitdiff;h=516381d5

[ Marc Deslauriers ]
* SECURITY UPDATE: arbitrary code execution via long PATH in diff_addremove
  and diff_change (LP: #248750)
  - debian/diff/0007-SECURITY-CVE-2008-3546.diff: safely build the full path.
  - CVE-2008-3546
* SECURITY UPDATE: arbitrary command execution via diff.external configuration
  variable.
  - debian/diff/0008-SECURITY-CVE-2008-5916.diff: remove unused legacy-style
    URI code in gitweb/gitweb.perl.
  - CVE-2008-5916

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: