[Secure-testing-team] Bug#812411: cgit: CVE-2016-1899 CVE-2016-1900 CVE-2016-1901
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 23 13:16:51 UTC 2016
Source: cgit
Version: 0.10.2.git2.0.1-3
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerabilities were published for cgit.
CVE-2016-1899[0]:
| CRLF injection vulnerability in the ui-blob handler in CGit before
| 0.12 allows remote attackers to inject arbitrary HTTP headers and
| conduct HTTP response splitting attacks or cross-site scripting (XSS)
| attacks via CRLF sequences in the mimetype parameter, as demonstrated
| by a request to blob/cgit.c.
CVE-2016-1900[1]:
| CRLF injection vulnerability in the cgit_print_http_headers function
| in ui-shared.c in CGit before 0.12 allows remote attackers with
| permission to write to a repository to inject arbitrary HTTP headers
| and conduct HTTP response splitting attacks or cross-site scripting
| (XSS) attacks via newline characters in a filename.
CVE-2016-1901[2]:
| Integer overflow in the authenticate_post function in CGit before 0.12
| allows remote attackers to have unspecified impact via a large value
| in the Content-Length HTTP header, which triggers a buffer overflow.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-1899
[1] https://security-tracker.debian.org/tracker/CVE-2016-1900
[2] https://security-tracker.debian.org/tracker/CVE-2016-1901
Regards,
Salvatore
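
Added example, not cgit's code and not part of the original message: the two defensive checks that the CVE descriptions above point to, written in C. One rejects CR/LF and other control bytes in any value placed in a response header (CVE-2016-1899, CVE-2016-1900); the other parses Content-Length with range checking before it is used to size a read (CVE-2016-1901). The function names and the MAX_POST_LEN cap are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_POST_LEN 4096 /* assumed upper bound for a POST body */

/* Returns 1 if value may be written into an HTTP header line, 0 if it
 * contains CR, LF or any other control byte (tab is rejected too). */
int header_value_is_safe(const char *value)
{
	const unsigned char *p = (const unsigned char *)value;

	if (!p)
		return 0;
	for (; *p; p++)
		if (*p < 0x20 || *p == 0x7f)
			return 0;
	return 1;
}

/* Parses a Content-Length string into *out. Returns 0 on success and -1
 * if the value is empty, signed, non-numeric, out of range for the
 * integer type, or larger than MAX_POST_LEN. */
int parse_content_length(const char *s, size_t *out)
{
	char *end;
	unsigned long long n;

	if (!s || *s < '0' || *s > '9') /* rejects "", "-1", "+5", " 5" */
		return -1;
	errno = 0;
	n = strtoull(s, &end, 10);
	if (errno == ERANGE || *end != '\0' || n > MAX_POST_LEN)
		return -1;
	*out = (size_t)n;
	return 0;
}

int main(void)
{
	size_t len = 0;
	/* Constructed inputs, not taken from the bug report. */
	printf("header ok: %d\n", header_value_is_safe("text/plain\r\nX-Injected: 1"));
	printf("length ok: %d\n", parse_content_length("4294967295", &len) == 0);
	return 0;
}
```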