Note: This project will be discontinued after December 13, 2021.
2018-09-12
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access.
Products | Gitolite |
Type | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362) |
First patch | https://github.com/sitaramc/gitolite/commit/dc13dfca8fdae5634bb0865f7e9822d2a268ed59 |
Relevant file/s |
• ./src/gitolite-shell (modified, +7)
• ./src/lib/Gitolite/Common.pm (modified, +18, -2) |
Links |
• https://bugs.debian.org/908699
• https://groups.google.com/forum/#%21topic/gitolite-announce/WrwDTYdbfRg |