Bug 713302

Summary: CVE-2011-2186 gitweb: persistent XSS by users with commit privileges [epel-6]
Product: [Fedora] Fedora EPEL Reporter: Vincent Danen <vdanen>
Component: gitweb-cachingAssignee: John 'Warthog9' Hawley <warthog9>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: el6CC: dac, warthog9
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: fst_owner=dcafaro
Fixed In Version: Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-30 15:43:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 713298    

Description Vincent Danen 2011-06-14 22:17:01 UTC 
epel-6 tracking bug for gitweb-caching: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]
Comment 1 David A. Cafaro 2015-04-24 15:39:04 UTC 
This bug is VERY old, do we have an udpate/patch for this?
Comment 2 David A. Cafaro 2015-04-29 12:47:42 UTC 
We are still at version:

EL5: gitweb-caching-1.6.5.2-8.b1ab8b5
EL6: gitweb-caching-1.6.5.2-8.b1ab8b5
EL7: N/A

From 2010.

Gitweb is now part of the git package as of 1.4.0.  Current version of git is:

EL6: git-1.7.1-3.el6_4.1

Which includes gitweb (and fixed)

Unless there are objections I plan on having this package marked as abandoned/obsolete and removed from the repos.
Comment 3 Ben Cotton 2020-11-05 16:48:06 UTC 
This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is our policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged  change the 'version' to a later Fedora version prior this bug is closed as described in the policy above.
Comment 4 Ben Cotton 2020-11-30 15:43:14 UTC 
EPEL el6 changed to end-of-life (EOL) status on 2020-11-30. EPEL el6 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
EPEL please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.