Updated cgit packages fix security vulnerability
Publication date: 05 Feb 2016Modification date: 05 Feb 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1899 , CVE-2016-1900 , CVE-2016-1901
Description
Reflected Cross Site Scripting and Header Injection in Mimetype Query
String in cgit before 0.12 (CVE-2016-1899).
Stored Cross Site Scripting and Header Injection in Filename Parameter in
cgit before 0.12 (CVE-2016-1900).
Integer Overflow resulting in Buffer Overflow in cgit before 0.12
(CVE-2016-1901).
References
SRPMS
5/core
- cgit-0.12-1.mga5