[Secure-testing-team] cgit: update to version 1.0 fixes CVE-2016-2315 and CVE-2016-2324

Peter Colberg peter at colberg.org
Thu Jun 16 16:47:41 UTC 2016

Previous message: [Secure-testing-team] Bug#827405: cgit: update to version 1.0 fixes CVE-2016-2315
Next message: [Secure-testing-team] Bug#827445: python3-proselint: Remove `shell=True` as they are a security hazard
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear Debian Security Team,

I believe that cgit versions before 1.0 are affected by both
CVE-2016-2315 and CVE-2016-2324. I did not include the latter
when reporting this bug initially since it was not mentioned
in the release announcement for cgit 1.0.

Regards,
Peter

Previous message: [Secure-testing-team] Bug#827405: cgit: update to version 1.0 fixes CVE-2016-2315
Next message: [Secure-testing-team] Bug#827445: python3-proselint: Remove `shell=True` as they are a security hazard
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Secure-testing-team mailing list