[Secure-testing-team] Bug#827405: cgit: update to version 1.0 fixes CVE-2016-2315

Peter Colberg peter at colberg.org
Wed Jun 15 19:10:40 UTC 2016


Package: cgit
Version: 0.12.0.git2.7.0-1
Severity: grave
Tags: security upstream
Justification: user security hole

Dear Maintainer,

The above version of cgit embeds git 2.7.0, which is affected
by CVE-2016-2315 [1]. The update to cgit 1.0 [2, 3] includes
git 2.8.3, which fixes the issue.

[1] https://security-tracker.debian.org/tracker/CVE-2016-2315
[2] http://article.gmane.org/gmane.comp.version-control.cgit/3076
[3] https://bugs.debian.org/826764

Regards,
Peter


