Bug 357819 (CVE-2011-1027) - <www-apps/cgit-0.8.3.5: convert_query_hexchar infinite loop (CVE-2011-1027)
Summary: <www-apps/cgit-0.8.3.5: convert_query_hexchar infinite loop (CVE-2011-1027)
Status: RESOLVED FIXED
Alias: CVE-2011-1027
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa]
Duplicates: 372979
Reported: 2011-03-07 19:49 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2011-06-27 13:32 UTC

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-07 19:49:57 UTC
Jim Meyering discovered an infinite loop flaw in cgit. The issue was
fixed upstream in 0.9 and 0.8.3.5. The upstream commit has all the details:

http://hjemli.net/git/cgit/commit/?id=fc384b16fb9787380746000d3cea2d53fccc548e
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-20 09:19:11 UTC
Maintainers, please bump www-apps/cgit to 0.8.3.5 and remove vulnerable versions from the tree.
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2011-04-29 19:01:19 UTC
cgit-0.8.3.5 is in the tree. I'll drop the vulnerable version later. Thank you for the report, Paweł!
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-04-29 19:29:51 UTC
Thanks, Peter and Paweł. Closing noglsa since this is not stable on any arches.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 20:43:50 UTC
*** Bug 372979 has been marked as a duplicate of this bug. ***
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 20:45:42 UTC
Please remove vulnerable ebuilds, <www-apps/cgit-0.8.3.5. Thank you.
Comment 6 Peter Volkov (RETIRED) gentoo-dev 2011-06-27 05:41:27 UTC
(In reply to comment #5)
> Please remove vulnerable ebuilds, <www-apps/cgit-0.8.3.5. Thank you.

Done.