Just read this on the Fedora update feed:
> Update to 1.7.3.4 release which fixes various issues, notably:
>
> * cross-site scripting (XSS) flaw was found in the web interface of Git distributed revision control system. A remote
attackercould use this flaw to execute arbitrary HTML or scripting code by providing a certain URL with
specially-craftedvalues of f and fp variables. (CVE-2010-3906)
Not sure if that impacts the PG gitweb server, but seems like it merits
prompt investigation.
regards, tom lane