Lucene search

Gentoo FoundationMGASA-2015-0325

HistoryAug 26, 2015 - 11:36 p.m.

Updated cgit package fixes security vulnerability

2015-08-2623:36:28

Gentoo Foundation

advisories.mageia.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.944

Percentile

99.2%

JSON

cgit in Mageia 4/5 bundles an old git that is being subject to a minor security issue (CVE-2014-9390). The cgit package was updated to its latest upstream release, and updates the bundled git to the non-vulnerable version 2.5.0, which contains various bug fixes.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchcgit< 0.11.2-1cgit-0.11.2-1.mga4
Mageia5noarchcgit< 0.11.2-1cgit-0.11.2-1.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	cgit	< 0.11.2-1	cgit-0.11.2-1.mga4
Mageia	5	noarch	cgit	< 0.11.2-1	cgit-0.11.2-1.mga5

References

lists.zx2c4.com/pipermail/cgit/2015-March/002448.html

bugs.mageia.org/show_bug.cgi?id=16180

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.944

Percentile

99.2%

JSON

Updated cgit package fixes security vulnerability

References

Related