Advisories ยป MGASA-2018-0351

Updated cgit packages fix security vulnerability

Publication date: 23 Aug 2018
Modification date: 23 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-14912

Description

Jann Horn discovered a directory traversal vulnerability in cgit, a fast
web frontend for git repositories written in C. A remote attacker can take
advantage of this flaw to retrieve arbitrary files via a specially crafted
request, when 'enable-http-clone=1' (default) is not turned off.
                

References

SRPMS

6/core