Updated cgit packages fix security vulnerability
Publication date: 23 Aug 2018Modification date: 23 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-14912
Description
Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when 'enable-http-clone=1' (default) is not turned off.
References
SRPMS
6/core
- cgit-0.12-3.1.mga6