Bug #3463

Update cgit to version 1.2.1

Added by zecke 4 months ago. Updated 3 months ago.

Status: Resolved
Priority: High
Assignee:
Category: -
Target version: -
Start date: 08/12/2018
Due date:
% Done: 100%
Spec Reference:

Description

Directory traversal through HTTP cloning (which we have enabled) in versions < 1.2.1. We should update soonish.

History

#1 Updated by laforge 4 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Rebuilt our Docker container to the latest Debian stretch package, which already has this fixed.

#2 Updated by zecke 4 months ago

  • Status changed from Resolved to New

I had to reboot host2.osmocom.org and after a manual "docker-compose start" it seems we are back to a vulnerable version:

Installed/Running:

 dpkg -l | grep cgit
ii  cgit                            1.1+git2.10.2-3 

apt-cache show cgit
Package: cgit
Version: 1.1+git2.10.2-3

Patched version: 1.1+git2.10.2-3+deb9u1

#3 Updated by laforge 3 months ago

  • Status changed from New to Resolved

Fixed almost immediately after the ticket was created, just forgot to update the ticket.

root@host2 /etc/compose # docker-compose exec cgit bash
root@cgit:/# dpkg -l | grep -i cgit
ii  cgit                            1.1+git2.10.2-3+deb9u1         amd64        hyperfast web frontend for git repositories written in C
