Advisories » MGASA-2015-0325

Updated cgit package fixes security vulnerability

Publication date: 26 Aug 2015
Modification date: 26 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2014-9390

Description

cgit in Mageia 4/5 bundles an old git that is being subject to a minor
security issue (CVE-2014-9390). The cgit package was updated to its latest
upstream release, and updates the bundled git to the non-vulnerable
version 2.5.0, which contains various bug fixes.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16180
• http://lists.zx2c4.com/pipermail/cgit/2015-March/002448.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390

SRPMS

5/core

• cgit-0.11.2-1.mga5

4/core

• cgit-0.11.2-1.mga4