Overview

File _patchinfo of Package patchinfo.import4756

<patchinfo incident="git-web" version="4756">
  <issue tracker="bnc" id="698456" />
  <issue tracker="CVE" id="CVE-2011-2186" />
  <category>security</category>
  <rating>low</rating>
  <summary>VUL-1: git-web xss</summary>
  <description>Users with commit access to repos served by git-web could
cause cross site scripting (XSS) issues with XML files
(CVE-2011-2186).

Due to a differently formatted /etc/mime.types openSUSE is
not affected by default.

This update nevertheless turns on git-web's XSS protection
mechanism to avoid similar problems in the future.

To turn XSS protection off again put the following line in
/etc/gitweb.conf:

$prevent_xss = 0;
</description>
  <packager>adrianSuSE</packager>
</patchinfo>
openSUSE Build Service is sponsored by
Places