Debian DSA-3545-1 : cgit - security update

Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

[SECURITY] [DSA 3545-1] cgit security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3545-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 07, 2016 https://www.debian.org/security/faq -...

Fedora 22 : cgit-0.12-1.fc22 (2016-215b507409)

Update to 0.12. Fixes bug 1298912 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...

Fedora 23 : cgit-0.12-1.fc23 (2016-e5a5fb196f)

Update to 0.12. Fixes bug 1298912 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...

Updated cgit packages fix security vulnerability

Reflected Cross Site Scripting and Header Injection in Mimetype Query String in cgit before 0.12 CVE-2016-1899. Stored Cross Site Scripting and Header Injection in Filename Parameter in cgit before 0.12 CVE-2016-1900. Integer Overflow resulting in Buffer Overflow in cgit before 0.12 CVE-2016-1901...

Fedora Update for cgit FEDORA-2016-215

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : cgit (openSUSE-2016-69)

This update to cgit 0.12 fixes the following issues : - CVE-2016-1899: Reflected Cross Site Scripting and Header Injection in Mimetype Query String - CVE-2016-1900: Stored Cross Site Scripting and Header Injection in Filename Parameter - CVE-2016-1901: Integer Overflow resulting in Buffer Overflo...

CVE-2016-1899

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting XSS attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit....

CVE-2016-1899

CVE-2016-1899, -1900, -1901 affect cgit prior to the fixes (0.12.x line). Exploitable via CRLF/header injection, cross-site scripting and an integer/buffer overflow in the mime/filename handling, as detailed by multiple advisories. Debian shows fixed versions: Jessie (0.10.2.git2.0.1-3+deb8u1) an...

CVE-2016-1899

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting XSS attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit....