Red Hat Bugzilla – Full Text Bug Listing
|Summary:||CVE-2011-2186 gitweb: persistent XSS by users with commit privileges [epel-5]|
|Product:||[Fedora] Fedora EPEL||Reporter:||Vincent Danen <vdanen>|
|Status:||CLOSED EOL||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Target Milestone:||---||Keywords:||Security, SecurityTracking|
|Fixed In Version:||Doc Type:||Release Note|
|Doc Text:||Story Points:||---|
|Last Closed:||2017-04-06 06:25:32 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Vincent Danen 2011-06-14 18:16:55 EDT
epel-5 tracking bug for gitweb-caching: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the 'blocks' bugs. [bug automatically created by: add-tracking-bugs]
Comment 1 David A. Cafaro 2015-04-24 11:38:50 EDT
This bug is VERY old, do we have an udpate/patch for this?
Comment 2 David A. Cafaro 2015-04-29 08:45:00 EDT
We are still at version: EL5: gitweb-caching-126.96.36.199-8.b1ab8b5 EL6: gitweb-caching-188.8.131.52-8.b1ab8b5 EL7: N/A From 2010. Gitweb is now part of the git package as of 1.4.0. Current version of git is: EL5: git-184.108.40.206-1.el5 Which includes gitweb (and fixed) Unless there are objections I plan on having this package marked as abandoned/obsolete and removed from the repos.
Comment 3 Fedora End Of Life 2017-04-06 06:25:32 EDT
Fedora EPEL 5 changed to end-of-life (EOL) status on 2017-03-31. Fedora EPEL 5 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora or Fedora EPEL, please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.