Integration with Bugzilla?

Lukas Fleischer cgit at cryptocrack.de
Mon Sep 29 22:32:23 CEST 2014


On Mon, 29 Sep 2014 at 20:33:28, Ferry Huberts wrote:
> [...]
> my server is guaranteed to have bash, so no need to change it.
> but thanks for the hint anyway :-)
> 

I am not (only) talking about portability here. My main concern is the
current spate of bash vulnerabilities. As John pointed out earlier [1],
these can be used to remotely exploit any cgit setup that uses a bash
filter. We currently have at least five CVEs, some of which are very
critical. So if you really want to use bash, you should at least closely
follow the developments and always update your bash binary when there's
a new security patch.

> also, this script is a very minor modification of the script that's in 
> the source tree.
> 
> -- 
> Ferry Huberts
> 

[1] http://lists.zx2c4.com/pipermail/cgit/2014-September/002236.html
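
An added example, not part of the original message or of cgit's own scripts: a POSIX sh audit that lists the filters in a cgitrc whose scripts run under bash, so they can be ported to another shell or the bash binary kept patched. The file names and the sample cgitrc are constructed; `exec:` and `lua:` are cgit's filter-type prefixes.

```shell
#!/bin/sh
# Added example: report cgit filters that run under bash.

# Print the interpreter basename from a script's shebang line (empty if none).
filter_interpreter() {
    line=$(head -n 1 "$1" 2>/dev/null) || return 0
    case $line in '#!'*) ;; *) return 0 ;; esac
    set -f                        # no globbing while splitting the shebang
    set -- ${line#'#!'}
    set +f
    # "#!/usr/bin/env bash": the interpreter is env's first non-option argument
    if [ "${1##*/}" = env ]; then
        shift
        while [ $# -gt 0 ]; do
            case $1 in -*) shift ;; *) break ;; esac
        done
    fi
    [ $# -gt 0 ] && printf '%s\n' "${1##*/}"
    return 0
}

# Print "key path" for every *-filter in a cgitrc whose script runs under bash.
list_bash_filters() {
    grep -E '^[[:space:]]*(repo\.)?[a-z]+-filter=' "$1" |
    while IFS='=' read -r key value; do
        case $value in lua:*) continue ;; esac    # Lua filters are not shell scripts
        path=${value#exec:}
        if [ "$(filter_interpreter "$path")" = bash ]; then
            printf '%s %s\n' "$(printf '%s' "$key" | tr -d '[:space:]')" "$path"
        fi
    done
}

# Constructed sample: three filters, two of them bash scripts.
demo_audit() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/bash\ncat\n'         > "$d/commit-links.sh"
    printf '#!/usr/bin/env bash\ncat\n' > "$d/highlight.sh"
    printf '#!/usr/bin/python3\n'       > "$d/about.py"
    cat > "$d/cgitrc" <<EOF
commit-filter=exec:$d/commit-links.sh
about-filter=$d/about.py
repo.source-filter=$d/highlight.sh
EOF
    list_bash_filters "$d/cgitrc"
    rm -rf "$d"
}

# With an argument, audit that cgitrc; without one, run the constructed demo.
if [ $# -gt 0 ]; then list_bash_filters "$1"; else demo_audit; fi
```

A filter with a `#!/bin/sh` shebang is not reported even on systems where /bin/sh is a link to bash; check that separately.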

