pool/git
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 78321 from devel:tools:scm

Browse Source 
- Fix VUL-0: cgit: XSS flaw in rename hint (CVE-2011-2711,
  bnc#707929)

OBS-URL: https://build.opensuse.org/request/show/78321
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=68
This commit is contained in:
Sascha Peilicke 2011-08-09 08:56:05 +00:00 committed by Git OBS Bridge
parent 630b9fbc08
commit cfe759d035
3 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
cgit-CVE-2011-2711-fix.diff Normal file
View File

@ -0,0 +1,35 @@
From bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <cgit@cryptocrack.de>
Date: Fri, 22 Jul 2011 11:47:19 +0000
Subject: Fix potential XSS vulnerability in rename hint
The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
---
---
ui-diff.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/ui-diff.c
+++ b/ui-diff.c
@@ -97,10 +97,12 @@
htmlf("</td><td class='%s'>", class);
cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
ctx.qry.sha2, info->new_path, 0);
- if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
- htmlf(" (%s from %s)",
- info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
- info->old_path);
+ if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
+ htmlf(" (%s from ",
+ info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
+ html_txt(info->old_path);
+ html(")");
+ }
html("</td><td class='right'>");
if (info->binary) {
htmlf("bin</td><td class='graph'>%ld -> %ld bytes",

6
cgit.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Aug 5 15:13:43 CEST 2011 - tiwai@suse.de
- Fix VUL-0: cgit: XSS flaw in rename hint (CVE-2011-2711,
bnc#707929)
-------------------------------------------------------------------
Mon Jun 27 18:22:11 CEST 2011 - tiwai@suse.de

2
cgit.spec
View File

@ -32,6 +32,7 @@ Source1: git-%{git_version}.tar.bz2
Source2: cgitrc
Patch: cgit-optflags.diff
Patch1: cgit-git-1.7.5.x-build-fix.diff
Patch2: cgit-CVE-2011-2711-fix.diff
# Requirements for cgit
BuildRequires: gnu-crypto libopenssl-devel libzip-devel
# Requirements for cgitrc man page generation
@ -51,6 +52,7 @@ Authors:
%setup -q -T -D -a 1
%patch -p1
%patch1 -p1
%patch2 -p1
rm -rf git
mv git-%{git_version} git