Debian DSA-3545-1 : cgit - security update

Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

[SECURITY] [DSA 3545-1] cgit security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3545-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 07, 2016 https://www.debian.org/security/faq -...

Fedora 22 : cgit-0.12-1.fc22 (2016-215b507409)

Update to 0.12. Fixes bug 1298912 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...

Fedora 23 : cgit-0.12-1.fc23 (2016-e5a5fb196f)

Update to 0.12. Fixes bug 1298912 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...

Updated cgit packages fix security vulnerability

Reflected Cross Site Scripting and Header Injection in Mimetype Query String in cgit before 0.12 CVE-2016-1899. Stored Cross Site Scripting and Header Injection in Filename Parameter in cgit before 0.12 CVE-2016-1900. Integer Overflow resulting in Buffer Overflow in cgit before 0.12 CVE-2016-1901...

Fedora Update for cgit FEDORA-2016-215

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : cgit (openSUSE-2016-69)

This update to cgit 0.12 fixes the following issues : - CVE-2016-1899: Reflected Cross Site Scripting and Header Injection in Mimetype Query String - CVE-2016-1900: Stored Cross Site Scripting and Header Injection in Filename Parameter - CVE-2016-1901: Integer Overflow resulting in Buffer Overflo...

CVE-2016-1901

Integer overflow in the authenticatepost function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow...

CVE-2016-1901

Integer overflow in the authenticatepost function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow...

CVE-2016-1901

Integer overflow in the authenticatepost function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow...

CVE-2016-1901

CVE-2016-1901 refers to an Integer Overflow in cgit’s authenticate_post function that can trigger a buffer overflow when a large Content-Length header is processed. Publicly documented fixes target the cgit 0.12 release family: Debian’s DSA-3545.1 notes updates to 0.12.x (and later backports for ...