A vulnerability was found in commands/rsync in Gitolite before 3.6.11. If .gitolite.rc enables rsync, commands/rsync mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.

Reference:
https://github.com/sitaramc/gitolite/blob/master/CHANGELOG
https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae
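
The restriction described above (only -v, -n, -q and -P may reach rsync) can be written as an allowlist check over the command line, including bundled short options such as -vnP. The Python below is an added example, not Gitolite's code or the change in the referenced commit; the function names, the sample commands and the assumption that the command arrives as one string are hypothetical.

```python
import shlex

# The four short options the advisory names as acceptable.
ALLOWED_SHORT = frozenset("vnqP")


def rejected_options(argv):
    """Return the option tokens in argv that fall outside the allowlist.

    argv excludes the program name. Parsing stops at "--", and a lone "-"
    is treated as an operand, the usual getopt/popt convention.
    """
    rejected = []
    for arg in argv:
        if arg == "--":
            break  # everything after "--" is an operand, not an option
        if arg.startswith("--"):
            rejected.append(arg)  # no long option is on the allowlist
        elif arg.startswith("-") and len(arg) > 1:
            # Bundled short options: "-vnP" means -v -n -P. None of the
            # allowed letters takes a value, so every character must match.
            if any(c not in ALLOWED_SHORT for c in arg[1:]):
                rejected.append(arg)
    return rejected


def check_command(command):
    """Validate a command string (assumed input shape) before running it."""
    try:
        words = shlex.split(command)
    except ValueError:
        return False, ["<unparseable>"]  # e.g. unbalanced quotes
    if not words or words[0] != "rsync":
        return False, ["<not rsync>"]
    bad = rejected_options(words[1:])
    return (not bad), bad


if __name__ == "__main__":
    # Constructed sample commands, not taken from the advisory.
    for cmd in ("rsync -vP src dest", "rsync -vn -a src dest",
                "rsync -va --delete src dest", "rsync -q -- -a"):
        print(cmd, "->", check_command(cmd))
```

The check rejects a whole bundle when any letter in it is off the list, so an unlisted option cannot ride along inside an otherwise acceptable token.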
Created gitolite tracking bugs for this issue:
Affects: epel-all [bug 1771413]
Affects: fedora-all [bug 1771412]
External References: https://groups.google.com/forum/#!topic/gitolite-announce/6xbjjmpLePQ
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.