On Mon, Jan 3, 2011 at 21:11, Magnus Hagander <magnus@hagander.net> wrote:
> On Mon, Jan 3, 2011 at 21:07, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Just read this on the Fedora update feed:
>>
>>> Update to 1.7.3.4 release which fixes various issues, notably:
>>>
>>> * cross-site scripting (XSS) flaw was found in the web interface of Git distributed revision control system. A
remoteattacker could use this flaw to execute arbitrary HTML or scripting code by providing a certain URL with
specially-craftedvalues of f and fp variables. (CVE-2010-3906)
>>
>> Not sure if that impacts the PG gitweb server, but seems like it merits
>> prompt investigation.
>
> Probably does, will investigate and upgrade.
Upgraded.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/