[Secure-testing-team] Bug#727122: [gitolite3] Do not create a test-repo with @all RW

Bastien ROUCARIÈS bastien.roucaries at u-cergy.fr
Tue Oct 22 13:01:59 UTC 2013

Previous message: [Secure-testing-team] Bug#727101: libvirt: CVE-2013-4400 / CVE-2013-4401
Next message: [Secure-testing-team] Bug#727180: mantis: CVE-2013-4460: XSS in account_sponsor_page.php project names
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Package: gitolite3
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org

By default gitolite3 install create a test repo (see gitolite.conf)
repo testing:
    RW+ = @all

This repositionnery is writtable by every one and could lead to distant dos 
(disk full).

Bastien

Previous message: [Secure-testing-team] Bug#727101: libvirt: CVE-2013-4400 / CVE-2013-4401
Next message: [Secure-testing-team] Bug#727180: mantis: CVE-2013-4460: XSS in account_sponsor_page.php project names
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Secure-testing-team mailing list