Information on source package cgit

Available versions

ReleaseVersion
jessie0.10.2.git2.0.1-3+deb8u1
jessie (security)0.10.2.git2.0.1-3+deb8u2
stretch (security)1.1+git2.10.2-3+deb9u1
buster1.1+git2.10.2-3.1
sid1.2.1+git2.18.0-1

Resolved issues

BugDescription
TEMP-0000000-1CC548Cross-site scripting (XSS) vulnerability in cgit's "txt2html" filter
CVE-2018-14912cgit_clone_objects in CGit before 1.2.1 has a directory traversal ...
CVE-2016-2324Integer overflow in Git before 2.7.4 allows remote attackers to ...
CVE-2016-2315revision.c in git before 2.7.4 uses an incorrect integer data type, ...
CVE-2016-1901Integer overflow in the authenticate_post function in CGit before 0.12 ...
CVE-2016-1900CRLF injection vulnerability in the cgit_print_http_headers function ...
CVE-2016-1899CRLF injection vulnerability in the ui-blob handler in CGit before ...
CVE-2013-2117Directory traversal vulnerability in the cgit_parse_readme function in ...
CVE-2012-4548Argument injection vulnerability in syntax-highlighting.sh in cgit ...
CVE-2012-4465Heap-based buffer overflow in the substr function in parsing.c in cgit ...

Security announcements

DSA / DLADescription
DLA-1459-1cgit - security update
DSA-4263-1cgit - security update
DSA-3545-1cgit - security update

Search for package or bug name: Reporting problems