update for cgit (important)
Specially-crafted commits can cause code to be executed on the clients due to improperly quoted arguments...
Linux Kernel 3.1 RC2 Released
Linus Torvalds has announced the release of Linux kernel 3.1 rc2. There isn't too much to see and Linus notes that this is a fairly calm release for coming just one week after the close of the Linux 3.1 kernel merge window. As LKML is down at the moment, below is the...
WordPress Advises Password Reset After Finding Suspicious Commits
WordPress, the popular blogging platform, is requiring users to change their account passwords after members of the company’s security team discovered cleverly disguised backdoors in some of the platform’s most popular plug-ins. AddThis, WPtouch, and W3 Total Cache caught the eye of team members...
Several XSS vulnerabilities were found in the code.
Announcement-ID: PMASA-2010-5. Date: 2010-08-20. Summary: Several XSS vulnerabilities were found in the code. Description: It was possible to conduct an XSS attack using crafted URLs or POST parameters on several pages. Severity: We consider this vulnerability to be serious. Mitigation...
GLSA-200803-29 : ViewVC: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200803-29 (ViewVC: Multiple vulnerabilities). Multiple unspecified errors were reportedly fixed by the ViewVC development team. Impact: A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on...