2019-01-10
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.
Products | Gitolite |
Type | Improper Input Validation (CWE-20) |
First patch | https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae |
Relevant file/s | ./src/commands/rsync (modified, +6, -12) |
Links |
• https://bugs.debian.org/918849
• https://groups.google.com/forum/#%21topic/gitolite-announce/6xbjjmpLePQ
• https://github.com/sitaramc/gitolite/blob/master/CHANGELOG |