Jim Meyering discovered an infinite loop flaw in cgit. The issue was fixed upstream in 0.9 and 0.8.3.5. Upstream commit has all the details: http://hjemli.net/git/cgit/commit/?id=fc384b16fb9787380746000d3cea2d53fccc548e
Maintainers, please bump www-apps/cgit to 0.8.3.5 and remove vulnerable versions from the tree.
cgit-0.8.3.5 is in the tree. I'll drop vulnerable version later. Thank you for report Paweł!
Thanks, Peter and Paweł. Closing noglsa since this is not stable on any arches.
*** Bug 372979 has been marked as a duplicate of this bug. ***
Please remove vulnerable ebuilds, <www-apps/cgit-0.8.3.5. Thank you.
(In reply to comment #5) > Please remove vulnerable ebuilds, <www-apps/cgit-0.8.3.5. Thank you. Done.