full-disclosure-uk January 2009 archive

[Full-disclosure] rPSA-2009-0005-1 git gitweb

From: rPath Update Announcements <announce-noreply_at_nospam>
Date: Tue Jan 13 2009 - 18:44:47 GMT
To: security-announce@lists.rpath.com, update-announce@lists.rpath.com

rPath Security Advisory: 2009-0005-1
Published: 2009-01-13

    rPath Linux 2

Rating: Major
Exposure Level Classification:

    Remote System User Deterministic Unauthorized Access
Updated Versions:
    git=conary.rpath.com@rpl:2/
    gitweb=conary.rpath.com@rpl:2/

rPath Issue Tracking System:



    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5517
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5516


    In previous versions of the git package, insufficient quoting of
    shell characters allowed remote attackers to execute arbitrary
    commands via the git web interface. This has been resolved.


Copyright 2009 rPath, Inc.
This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/