[Full-disclosure] [ MDVSA-2010:256 ] git
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2010:256 ] git
- From: security@xxxxxxxxxxxx
- Date: Thu, 16 Dec 2010 15:06:01 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:256
http://www.mandriva.com/security/
_______________________________________________________________________
Package : git
Date : December 16, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:

A vulnerability was discovered and corrected in git (gitweb):

A cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and
previous versions allows remote attackers to inject arbitrary web
script or HTML code via f and fp variables (CVE-2010-3906).

The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3906
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNCfA6mqjQ0CJFipgRAvxBAJ4iyT8rF6LbDh3GCg7VylsZDJ3z/QCfQzUw
o2PiVM7Yh0revxCGtWskmho=
=A0ET
-----END PGP SIGNATURE-----
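
An added example, not part of the advisory and not Mandriva's or gitweb's code: a log check for the issue described above that flags gitweb requests whose f or fp parameter decodes to HTML metacharacters, which is useful for reviewing access logs from before the update was applied. The combined log format, the /gitweb.cgi path and the sample lines are constructed assumptions; parameters are split on both ';' and '&' because gitweb URLs use ';' as a separator.

```python
import re
from urllib.parse import unquote_plus

# Parameters named in the advisory (CVE-2010-3906).
WATCHED = {"f", "fp"}
# Characters that must not reach HTML output unescaped.
HTML_META = re.compile(r"[<>\"']")
# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return {name: decoded_value} for f/fp values carrying HTML metacharacters."""
    _, _, query = url.partition("?")
    hits = {}
    # Split on ';' as well as '&' so gitweb-style URLs are parsed correctly.
    for pair in re.split(r"[;&]", query):
        name, _, raw = pair.partition("=")
        if name not in WATCHED:
            continue
        value = unquote_plus(raw)
        # Decode a second time to catch double-encoded input (%253C -> %3C -> <).
        twice = unquote_plus(value)
        if HTML_META.search(value) or HTML_META.search(twice):
            hits[name] = twice
    return hits


def scan(lines):
    """Yield (line_number, hits) for each log line with a suspicious f/fp value."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m and (hits := suspicious_params(m.group(1))):
            yield n, hits


# Constructed sample log lines (not taken from the advisory).
SAMPLE = [
    '192.0.2.10 - - [16/Dec/2010:15:10:00 +0100] "GET /gitweb.cgi?p=demo.git;a=blob;f=README HTTP/1.1" 200 5120',
    '192.0.2.11 - - [16/Dec/2010:15:11:00 +0100] "GET /gitweb.cgi?p=demo.git;a=blobdiff;f=%3Cscript%3Ex%3C/script%3E;fp=README HTTP/1.1" 200 4096',
    '192.0.2.12 - - [16/Dec/2010:15:12:00 +0100] "GET /gitweb.cgi?p=demo.git&a=blob&fp=%2522%253E HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE):
        print(n, hits)
```

File names that legitimately contain a quote character will also be flagged, so treat hits as leads to review rather than confirmed attempts.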