Committer: Package Import Robot
Author(s): Marc Deslauriers, David Leadbeater, Marc Deslauriers
Date: 2009-02-12 15:49:08 UTC
Revision ID: package-import@ubuntu.com-20090212154908-5anemwq4dlgcipgn
Tags: 1:1.5.4.3-1ubuntu2.1

[ David Leadbeater ]
* SECURITY UPDATE: Fix remote code execution in gitweb (LP: #317052)
  - CVE-2008-5516: http://repo.or.cz/w/git.git?a=commitdiff;h=c582abae
  - CVE-2008-5517: http://repo.or.cz/w/git.git?a=commitdiff;h=516381d5

[ Marc Deslauriers ]
* SECURITY UPDATE: arbitrary code execution via long PATH in diff_addremove
  and diff_change (LP: #248750)
  - debian/diff/0007-SECURITY-CVE-2008-3546.diff: safely build the full path.
  - CVE-2008-3546
* SECURITY UPDATE: arbitrary command execution via diff.external configuration
  variable.
  - debian/diff/0008-SECURITY-CVE-2008-5916.diff: remove unused legacy-style
    URI code in gitweb/gitweb.perl.
  - CVE-2008-5916