Advisories ยป MGASA-2016-0047

Updated cgit packages fix security vulnerability

Publication date: 05 Feb 2016
Modification date: 05 Feb 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1899 , CVE-2016-1900 , CVE-2016-1901

Description

Reflected Cross Site Scripting and Header Injection in Mimetype Query
String in cgit before 0.12 (CVE-2016-1899).

Stored Cross Site Scripting and Header Injection in Filename Parameter in
cgit before 0.12 (CVE-2016-1900).

Integer Overflow resulting in Buffer Overflow in cgit before 0.12
(CVE-2016-1901).
                

References

SRPMS

5/core