Updated gitolite packages fixes security vulnerability
Publication date: 31 Jan 2019Modification date: 31 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-20683
Description
In commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P (CVE-2018-20683).
References
SRPMS
6/core
- gitolite-3.6.11-1.mga6