gitweb security hole (CVE-2010-3906) - Mailing list pgsql-www

From Tom Lane
Subject gitweb security hole (CVE-2010-3906)
Date
Msg-id 23994.1294085267@sss.pgh.pa.us
Responses Re: gitweb security hole (CVE-2010-3906)  (Magnus Hagander <magnus@hagander.net>)
List pgsql-www
Just read this on the Fedora update feed:

> Update to 1.7.3.4 release which fixes various issues, notably:
> 
> * cross-site scripting (XSS) flaw was found in the web interface of Git distributed revision control system. A remote
> attacker could use this flaw to execute arbitrary HTML or scripting code by providing a certain URL with
> specially-crafted values of f and fp variables. (CVE-2010-3906)

Not sure if that impacts the PG gitweb server, but seems like it merits
prompt investigation.
        regards, tom lane
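
Added example, not part of the original message: one way to start the investigation suggested above is to scan the web server's access log for gitweb requests whose `f` or `fp` parameter decodes to markup characters. It assumes a combined-format access log and handles gitweb's use of `;` as well as `&` between query parameters; the log lines, hosts and repository name are constructed.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Markup characters that should not appear in a decoded file-path parameter.
SUSPICIOUS = re.compile(r'[<>"]')
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
WATCHED = ("f", "fp")  # the parameters named in the CVE-2010-3906 advisory text

def query_params(url):
    """Yield (name, decoded value) pairs; gitweb separates pairs with ';' or '&'."""
    for pair in re.split(r"[;&]", urlsplit(url).query):
        name, _, value = pair.partition("=")
        if name:
            yield unquote_plus(name), unquote_plus(value)

def suspicious_requests(log_lines):
    """Return (line_number, parameter, decoded_value) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line we can parse
        for name, value in query_params(match.group(1)):
            if name in WATCHED and SUSPICIOUS.search(value):
                hits.append((number, name, value))
    return hits

# Constructed sample lines (combined log format); hosts and paths are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jan/2011:20:01:02 +0000] "GET /gitweb?p=example.git;a=blob;f=src/Makefile;hb=HEAD HTTP/1.1" 200 5120',
    '192.0.2.77 - - [03/Jan/2011:20:03:41 +0000] "GET /gitweb?p=example.git;a=blobdiff;f=README;fp=%22%3E%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 811',
    '192.0.2.10 - - [03/Jan/2011:20:05:00 +0000] "GET /gitweb?p=example.git&a=tree&f=doc%2Fsrc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: parameter {name!r} decodes to {value!r}")
```

A hit only shows that someone sent such a request; whether the server was affected depends on the installed gitweb version, which the quoted notice says is fixed in 1.7.3.4.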

