Bug 713301

Summary: CVE-2011-2186 gitweb: persistent XSS by users with commit privileges [epel-5]
Product: [Fedora] Fedora EPEL Reporter: Vincent Danen <vdanen>
Component: gitweb-cachingAssignee: John 'Warthog9' Hawley <warthog9>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: el5CC: dac, warthog9
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: fst_owner=dcafaro
Fixed In Version: Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-06 10:25:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 713298    

Description Vincent Danen 2011-06-14 22:16:55 UTC 
epel-5 tracking bug for gitweb-caching: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]
Comment 1 David A. Cafaro 2015-04-24 15:38:50 UTC 
This bug is VERY old, do we have an udpate/patch for this?
Comment 2 David A. Cafaro 2015-04-29 12:45:00 UTC 
We are still at version:

EL5: gitweb-caching-1.6.5.2-8.b1ab8b5
EL6: gitweb-caching-1.6.5.2-8.b1ab8b5
EL7: N/A

From 2010.

Gitweb is now part of the git package as of 1.4.0.  Current version of git is:

EL5: git-1.8.2.1-1.el5

Which includes gitweb (and fixed)

Unless there are objections I plan on having this package marked as abandoned/obsolete and removed from the repos.
Comment 3 Fedora End Of Life 2017-04-06 10:25:32 UTC 
Fedora EPEL 5 changed to end-of-life (EOL) status on 2017-03-31. Fedora EPEL 5
is no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora
or Fedora EPEL, please feel free to reopen this bug against that version. If
you are unable to reopen this bug, please file a new report against the current
release. If you experience problems, please add a comment to this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.