Format: 1.8
Date: Mon, 04 Apr 2016 08:41:52 +0200
Source: cgit
Binary: cgit
Architecture: source
Version: 0.10.2.git2.0.1-3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Alexander Wirt <formorer@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 812411
Description:
 cgit - hyperfast web frontend for git repositories written in C
Changes:
 cgit (0.10.2.git2.0.1-3+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-1899: Reflected XSS and header injection in mimetype query
     string (Closes: #812411)
   * CVE-2016-1900: Stored cross site scripting and header injection in
     filename parameter (Closes: #812411)
   * CVE-2016-1901: Integer overflow resulting in buffer overflow
     (Closes: #812411)
   * filters: apply HTML escaping.
     Addresses cross-site scripting vulnerability in via the txt2html filter.
Checksums-Sha1:
 742128a3bb0907f167a9b53ad9b649573e61084f 1867 cgit_0.10.2.git2.0.1-3+deb8u1.dsc
 d0fccec308fdaeb9471a9cbebdf8b4f23527fd58 5157263 cgit_0.10.2.git2.0.1.orig.tar.gz
 0dc7bb7a32f21f382eb112739f2bac7177987d6e 11064 cgit_0.10.2.git2.0.1-3+deb8u1.debian.tar.xz
Checksums-Sha256:
 923e36322a6b87505ec2dd335cf72e0f8399eb98e75923079430d46d237d679d 1867 cgit_0.10.2.git2.0.1-3+deb8u1.dsc
 9e4070ad5a2fda0375b92df4805f861da9022bbd861ee2d402fc8c39e2dbf681 5157263 cgit_0.10.2.git2.0.1.orig.tar.gz
 f1e7cbb1c2808a3c1340bac1da6b5ae3ac6bb55bc53e54c8f43358b5da9cf31a 11064 cgit_0.10.2.git2.0.1-3+deb8u1.debian.tar.xz
Files:
 cc750bebebc7d79cf768e7a63ecd6117 1867 net extra cgit_0.10.2.git2.0.1-3+deb8u1.dsc
 15c7bc81344eb0e20875d24342f47e0a 5157263 net extra cgit_0.10.2.git2.0.1.orig.tar.gz
 fc01c33627fa1a83ede1634719f1665d 11064 net extra cgit_0.10.2.git2.0.1-3+deb8u1.debian.tar.xz