Integration with Bugzilla?

Lukas Fleischer cgit at
Mon Sep 29 22:32:23 CEST 2014

On Mon, 29 Sep 2014 at 20:33:28, Ferry Huberts wrote:
> [...]
> my server is guaranteed to have bash, so no need to change it.
> but thanks for the hint anyway :-)

I am not (only) talking about portability here. My main concern is the
current spate of bash vulnerabilities. As John pointed out earlier [1],
these can be used to remotely exploit any cgit setup that uses a bash
filter. We currently have at least five CVEs, some of which are very
critical. So if you really want to use bash, you should at least closely
follow the developments and always update your bash binary when there's
a new security patch.

> also, this script is a very minor modification of the script that's in 
> the source tree.
> -- 
> Ferry Huberts


More information about the CGit mailing list