Bug 372979 - www-apps/cgit: DOS (CVE-2011-1027)
Status: RESOLVED DUPLICATE of bug 357819
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
Whiteboard: ~4 [ebuild]
Reported: 2011-06-25 12:53 UTC by GLSAMaker/CVETool Bot
Modified: 2011-06-26 20:43 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 12:53:21 UTC
CVE-2011-1027 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1027):
  Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi
  in cgit before 0.8.3.5 allows remote attackers to cause a denial of service
  (infinite loop) via a string composed of a % (percent) character followed by
  invalid hex characters, as demonstrated by a %gg sequence.
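
A percent-decoder that cannot stall on the input class described above (a % followed by non-hex characters, or a truncated escape), shown as an added example. It is not cgit's code or its fix; the names hex_val and url_decode_inplace and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode %XX in place, return decoded length. Invalid or truncated escapes
 * ("%gg", "%4", a trailing "%") are copied literally. r grows by at least 1
 * per iteration, so the loop ends after at most strlen(s) iterations. */
size_t url_decode_inplace(char *s)
{
    size_t r = 0, w = 0;                /* read and write offsets, w <= r */
    while (s[r] != '\0') {
        int hi = -1, lo = -1;
        if (s[r] == '%') {
            hi = hex_val((unsigned char)s[r + 1]);
            if (hi >= 0)                /* s[r+1] was not the NUL, so s[r+2] is in bounds */
                lo = hex_val((unsigned char)s[r + 2]);
        }
        if (hi >= 0 && lo >= 0) {
            s[w++] = (char)(hi * 16 + lo);
            r += 3;                     /* consumed a full, valid escape */
        } else {
            s[w++] = s[r++];            /* literal byte, including a bare '%' */
        }
    }
    s[w] = '\0';
    return w;
}

int main(void)
{
    /* Constructed sample inputs, including the %gg case named in the CVE text. */
    const char *samples[] = { "q=a%20b", "%gg", "x%4", "%", "%gg%41%" };
    char buf[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        strcpy(buf, samples[i]);
        size_t n = url_decode_inplace(buf);
        printf("%-10s -> %-8s (%zu bytes)\n", samples[i], buf, n);
    }
    return 0;
}
```

A decoded %00 leaves an embedded NUL in the buffer, so callers that treat the result as a C string should rely on the returned length or reject that escape.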
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2011-06-25 12:53:50 UTC
Please punt the vulnerable version left in tree.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 20:43:50 UTC

*** This bug has been marked as a duplicate of bug 357819 ***