Security update for cgit
This update to cgit 0.12 fixes the following issues:
- CVE-2016-1899: Reflected Cross Site Scripting and Header Injection in Mimetype Query String
- CVE-2016-1900: Stored Cross Site Scripting and Header Injection in Filename Parameter
- CVE-2016-1901: Integer Overflow resulting in Buffer Overflow
The bundled git version was updated to 2.7.0.
-
Submitted by
Wolfgang Rosenauer (wrosenauer)
Fixed bugs
bnc#948969
VUL-0: CVE-2015-7545: git: remote code execution with recursive fetch of submodules
bnc#961916
VUL-0: CVE-2016-1899,CVE-2016-1900,CVE-2016-1901: cgit: multiple vulnerabilities
