cgit 1.1+git2.10.2-3ubuntu0.1 source package in Ubuntu


cgit (1.1+git2.10.2-3ubuntu0.1) bionic-security; urgency=high

  * SECURITY UPDATE: Directory traversal vulnerability.
    - d/p/clone-fix-directory-traversal.patch:
      This fixes a directory traversal vulnerability in CGit
      before 1.2.1 when `enable-http-clone=1` is not turned off,
      as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
    - CVE-2018-14912 (LP: #1787021)

 -- Unit 193 <email address hidden>  Tue, 14 Aug 2018 15:57:15 -0400

Upload details

Uploaded by:
Unit 193 on 2018-08-15
Sponsored by:
Steve Beattie
Uploaded to:
Original maintainer:
Ubuntu Developers
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates on 2018-08-16 universe misc
Bionic security on 2018-08-16 universe misc


File Size SHA-256 Checksum
cgit_1.1+git2.10.2.orig.tar.gz 5.8 MiB ca271d2cd188bd8a1d9a103c3d5e889ac67169bd2b9b554fbdaa98cf76e8a2bb
cgit_1.1+git2.10.2-3ubuntu0.1.debian.tar.xz 11.4 KiB 99f6cc214f1fcad87c6d4e147226282219f69f85befd373370019d6b10909c1d
cgit_1.1+git2.10.2-3ubuntu0.1.dsc 2.2 KiB 0f67fcc7c72d64d4beb4f0fc1035b642ad06e5cb9f4c301de0335c5b0e977f41

View changes file

Binary packages built by this source

cgit: hyperfast web frontend for git repositories written in C

 This is an attempt to create a fast web interface for the Git SCM, using a
 built-in cache to decrease server I/O pressure.
  * basic repository browsing (logs, diffs, trees...)
  * caching of generated HTML
  * cloneable URLs (implements dumb HTTP transport)
  * commit feeds (atom format)
  * discovery of Git repositories
  * on-the-fly archives for tags and commits
  * plugin support for e.g. syntax highlighting
  * side-by-side diffs
  * simple time/author statistics
  * simple virtual hosting support (macro expansion)
  * understands GitWeb project-lists
  * understands gitweb.owner in Git config files
  * has extensive filtering framework using scripts or a built-in Lua

cgit-dbgsym: debug symbols for cgit