[SECURITY] Fedora 36 Update: gitqlient-1.5.0-2.fc36

GitQlient, pronounced as git+client /g=EF=BF=BD=EF=BF=BDt=EF=BF=BD=EF=BF=BDk la=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BDnt/ is a multi-platform Git client originally forked from QGit. Nowadays it goes beyond of just a fork and adds a lot of new functionality. Some of the major feature you can find are...

GitLab: Stored XSS in Notes (with CSP bypass for gitlab.com)

Summary I read the issue 345657 which handles the XSS in notes reported in Hackerone report 1398305. This issue fixes the reported XSS but leaves the HTML injection that was also mentioned. I don't know how you deal with these situations, but I thought I report this, and you can decide : The issu...

GhIDA: Ghidra decompiler for IDA Pro

By Andrea Marcelli Executive Summary Cisco Talos is releasing two new tools for IDA Pro: GhIDA and Ghidraaas. GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow, giving users the ability to rename and highlight symbols and improved navigation and comments. GhIDA...

Phabricator: HTML in Diffusion not escaped in certain circumstances

HTML in Diffusion source code listing is not escaped Steps to reproduce: have the syntax hilight turned on the file is bigger than 256kB, thus syntax hilight is claimed in header to be turned off automatically, however, plaintext file doesn't display like with regular manual syntax highlight off,...

MediaWiki SyntaxHighlight_GeSHi and MediaWiki GeSHi Denial of Service Vulnerabilities

MediaWiki is the United States Wikimedia Wikimedia Foundation and MediaWiki volunteers to develop and maintain a set of free and free Web-based Wiki engine , it can be used to deploy internal knowledge management and content management system . SyntaxHighlightGeSHi is one of the extensions to...

Fedora 17 : cgit-0.9.1-2.fc17 (2012-18464)

Fix syntax highlight to use the correct version of highlight. Update to new upsteam version with 2 security fixes, enhancements and misc other bug fixes. See http://git.zx2c4.com/cgit/commit/?id=a6a932e198e8b6b564d7a4bb43e78078d 8296026 for details. Note that Tenable Network Security has extracte...

Fedora 16 : cgit-0.9.1-2.fc16 (2012-18462)

Fix syntax highlight to use the correct version of highlight. Update to new upsteam version with 2 security fixes, enhancements and misc other bug fixes. See http://git.zx2c4.com/cgit/commit/?id=a6a932e198e8b6b564d7a4bb43e78078d 8296026 for details. Note that Tenable Network Security has extracte...

Fedora 18 : cgit-0.9.1-2.fc18 (2012-18432)

Fix syntax highlight script to use correct version of highlight. Update to new upsteam version with 2 security fixes, enhancements and misc other bug fixes. See http://git.zx2c4.com/cgit/commit/?id=a6a932e198e8b6b564d7a4bb43e78078d 8296026 for details. Note that Tenable Network Security has...

Fedora 17 : python-mwlib-0.13.5-1.fc17 (2012-3138)

Update to version 0.13.5, which solves the following issues : It was reported that mwlib suffered from a flaw that could allow a remote attacker to perform a denial of service attack on a mwlib installation by forcing it to parse a specially crafted iferror magic function. This issue has been...