Explore top 10 tips to secure your open-source projects now. Read More
×It was discovered that gitweb, the web interface for the Git version
control system, contained several vulnerabilities:
Remote attackers could use crafted requests to execute shell commands on
the web server, using the snapshot generation and pickaxe search
functionality (CVE-2008-5516).
Local users with write access to the configuration of a Git repository
served by gitweb could cause gitweb to execute arbitrary shell commands
with the permission of the web server (CVE-2008-5517).
For the stable distribution (etch), these problems have been fixed in
version 1.4.4.4-4+etch1.
For the unstable distribution (sid) and testing distribution (lenny),
the remote shell command injection issuei (CVE-2008-5516) has been fixed
in version 1.5.6-1. The other issue will be fixed soon.
We recommend that you upgrade your Git packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package m...
Get the latest Linux and open source security news straight to your inbox.