FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cgit -- multiple vulnerabilities

Affected packages
cgit < 0.12

Details

VuXML ID: 62c0dbbd-bfce-11e5-b5fe-002590263bf5
Discovery: 2016-01-14
Entry: 2016-01-20

Jason A. Donenfeld reports:

Reflected Cross Site Scripting and Header Injection in Mimetype Query String.

Stored Cross Site Scripting and Header Injection in Filename Parameter.

Integer Overflow resulting in Buffer Overflow.

References

CVE Name: CVE-2016-1899
CVE Name: CVE-2016-1900
CVE Name: CVE-2016-1901
FreeBSD PR: ports/206417
URL: http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html
URL: http://www.openwall.com/lists/oss-security/2016/01/14/6