VUL-1: git-web xss
Users with commit access to repos served by git-web could
cause cross site scripting (XSS) issues with XML files
(CVE-2011-2186).
Due to a differently formatted /etc/mime.types openSUSE is
not affected by default.
This update nevertheless turns on git-web's XSS protection
mechanism to avoid similar problems in the future.
To turn XSS protection off again put the following line in
/etc/gitweb.conf:
$prevent_xss = 0;
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4756
Fixed bugs
bnc#698456
VUL-1: git-web xss
CVE#CVE-2011-2186
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
