| Summary: | <www-apps/cgit-0.8.3.5: convert_query_hexchar infinite loop (CVE-2011-1027) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | glsamaker, nikoli, pva, ramereth, web-apps |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | ~3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Paweł Hajdan, Jr. (RETIRED)
2011-03-07 19:49:57 UTC
Maintainers, please bump www-apps/cgit to 0.8.3.5 and remove vulnerable versions from the tree.

cgit-0.8.3.5 is in the tree. I'll drop the vulnerable version later. Thank you for the report, Paweł!

Thanks, Peter and Paweł. Closing noglsa since this is not stable on any arches.

*** Bug 372979 has been marked as a duplicate of this bug. ***

Please remove vulnerable ebuilds, <www-apps/cgit-0.8.3.5. Thank you.

(In reply to comment #5)
> Please remove vulnerable ebuilds, <www-apps/cgit-0.8.3.5. Thank you.

Done.