Bug 713301

Summary: CVE-2011-2186 gitweb: persistent XSS by users with commit privileges [epel-5]
Product: [Fedora] Fedora EPEL Reporter: Vincent Danen <vdanen>
Component: gitweb-cachingAssignee: J.H. <warthog19>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: el5CC: dac, warthog19
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: fst_owner=dcafaro
Fixed In Version: Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 713298    

Description Vincent Danen 2011-06-14 18:16:55 EDT
epel-5 tracking bug for gitweb-caching: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]
Comment 1 David A. Cafaro 2015-04-24 11:38:50 EDT
This bug is VERY old, do we have an udpate/patch for this?
Comment 2 David A. Cafaro 2015-04-29 08:45:00 EDT
We are still at version:

EL5: gitweb-caching-1.6.5.2-8.b1ab8b5
EL6: gitweb-caching-1.6.5.2-8.b1ab8b5
EL7: N/A

From 2010.

Gitweb is now part of the git package as of 1.4.0.  Current version of git is:

EL5: git-1.8.2.1-1.el5

Which includes gitweb (and fixed)

Unless there are objections I plan on having this package marked as abandoned/obsolete and removed from the repos.