Red Hat Bugzilla – Bug 713301
CVE-2011-2186 gitweb: persistent XSS by users with commit privileges [epel-5]
Last modified: 2017-04-06 06:25:32 EDT
epel-5 tracking bug for gitweb-caching: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the 'blocks' bugs. [bug automatically created by: add-tracking-bugs]
This bug is VERY old, do we have an udpate/patch for this?
We are still at version: EL5: gitweb-caching-1.6.5.2-8.b1ab8b5 EL6: gitweb-caching-1.6.5.2-8.b1ab8b5 EL7: N/A From 2010. Gitweb is now part of the git package as of 1.4.0. Current version of git is: EL5: git-1.8.2.1-1.el5 Which includes gitweb (and fixed) Unless there are objections I plan on having this package marked as abandoned/obsolete and removed from the repos.
Fedora EPEL 5 changed to end-of-life (EOL) status on 2017-03-31. Fedora EPEL 5 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora or Fedora EPEL, please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.