Lucene search

9 matches found

Tenable Nessus
added 2016/04/08 12:0 a.m. | 33 views

Debian DSA-3545-1 : cgit - security update

Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks. (C) Tenable Network Security, Inc. The...

CVSS 9.8 | AI score 6.8 | EPSS 0.04365
Exploits: 1 | References: 6

Debian
added 2016/04/07 5:14 p.m. | 24 views

[SECURITY] [DSA 3545-1] cgit security update

Debian Security Advisory DSA-3545-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 07, 2016 https://www.debian.org/security/faq ...

CVSS 9.8 | AI score 8.3 | EPSS 0.04365
Exploits: 1

Tenable Nessus
added 2016/03/04 12:0 a.m. | 25 views

Fedora 22 : cgit-0.12-1.fc22 (2016-215b507409)

Update to 0.12. Fixes bug 1298912. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. ...

CVSS 9.8 | AI score 6.8 | EPSS 0.04365
Exploits: 1 | References: 7

Tenable Nessus
added 2016/03/04 12:0 a.m. | 23 views

Fedora 23 : cgit-0.12-1.fc23 (2016-e5a5fb196f)

Update to 0.12. Fixes bug 1298912. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. ...

CVSS 9.8 | AI score 6.8 | EPSS 0.04365
Exploits: 1 | References: 7

Mageia
added 2016/02/05 5:26 p.m. | 28 views

Updated cgit packages fix security vulnerability

Reflected Cross Site Scripting and Header Injection in Mimetype Query String in cgit before 0.12 (CVE-2016-1899). Stored Cross Site Scripting and Header Injection in Filename Parameter in cgit before 0.12 (CVE-2016-1900). Integer Overflow resulting in Buffer Overflow in cgit before 0.12 (CVE-2016-1901...

CVSS 9.8 | AI score 1.7 | EPSS 0.04365
Exploits: 1 | References: 2

OpenVAS
added 2016/01/26 12:0 a.m. | 26 views

Fedora Update for cgit FEDORA-2016-215

The remote host is missing an update for the...

CVSS 9.8 | AI score 6.9 | EPSS 0.04365
Exploits: 1 | References: 2

Tenable Nessus
added 2016/01/25 12:0 a.m. | 25 views

openSUSE Security Update : cgit (openSUSE-2016-69)

This update to cgit 0.12 fixes the following issues:
- CVE-2016-1899: Reflected Cross Site Scripting and Header Injection in Mimetype Query String
- CVE-2016-1900: Stored Cross Site Scripting and Header Injection in Filename Parameter
- CVE-2016-1901: Integer Overflow resulting in Buffer Overflo...

CVSS 9.8 | AI score 6.7 | EPSS 0.04365
Exploits: 1 | References: 4

OSV
added 2016/01/20 4:59 p.m. | 6 views

CVE-2016-1900

CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline...

CVSS 3.7 | AI score 6.2
Exploits: 0 | References: 10

CVE
added 2016/01/20 4:0 p.m. | 75 views

CVE-2016-1900

CVE-2016-1900 affects CGit prior to 0.12. The vulnerability arises from CRLF/header injection in cgit_print_http_headers (ui-shared.c), enabling a remote attacker with write-access to a repository to inject arbitrary HTTP headers and trigger HTTP response splitting and potential XSS via newline c...

CVSS 4.3 | AI score 5.9 | EPSS 0.00646
Exploits: 0 | References: 10 | Affected Software: 1