Git upstream released new maintenance releases fixing local privilege escalation flaw in gitweb. Quoting upstream announcement: Current gitweb has a possible local privilege escalation bug that allows a malicious repository owner to run a command of his choice by specifying diff.external configuration variable in his repository and running a crafted gitweb query. Recent (post 1.4.3) gitweb itself never generates a link that would result in such a query, and the safest and cleanest fix to this issue is to simply drop the support for it. http://article.gmane.org/gmane.comp.version-control.git/103624 Fixed upstream in: v1.6.0.6, v1.5.6.6, v1.5.5.6 and v1.5.4.7
git-1.5.6.6-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
git-1.5.4.3-3.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
git-1.6.0.6-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.