[BSA-024] Security Update for git

To: Backports Announce <debian-backports-announce@lists.debian.org>
Subject: [BSA-024] Security Update for git
From: Sebastian Harl <tokkee@debian.org>
Date: Mon, 14 Feb 2011 10:09:06 +0100
Message-id: <[🔎] 20110214090905.GD16462@chough.tokkee.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sebastian Harl uploaded new packages for git which fixed the following
security problem:

CVE-2010-3906, Debian Bug #607248
  Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier
  allows remote attackers to inject arbitrary web script or HTML via the
  (1) f and (2) fp parameters.

For the lenny-backports distribution the problem has been fixed in
version 1:1.7.2.3-2.2~bpo50+1.

For the oldstable (lenny) distribution the problem has been fixed in
version 1:1.5.6.5-3+lenny3.3.

For the stable (squeeze), testing (wheezy) and unstable (sid)
distributions the problem has been fixed in version 1:1.7.2.3-2.2.

Upgrade instructions
- - --------------------

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.debian.org/Instructions>

We recommend to pin the backports repository to 200 so that new
versions of installed  backports will be installed automatically.

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk1Y8TEACgkQEFEKc4UBx/y5uACgiwFeK1c8u57+a/qvAbJASoZT
pEsAn3Uo3UXH3C0A7XzxITymeTbd2qfF
=09c+
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: squeeze-backports and lenny-backports-sloppy started
Next by Date: [BSA-025] Security Update for openafs
Previous by thread: squeeze-backports and lenny-backports-sloppy started
Next by thread: [BSA-025] Security Update for openafs
Index(es):
- Date
- Thread