Candidate: CVE-2010-3906
PublicDate: 2010-12-17 19:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3906
 http://www.kernel.org/pub/software/scm/git/docs/RelNotes/1.7.3.4.txt
Description:
 Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier
 allows remote attackers to inject arbitrary web script or HTML via the (1)
 f and (2) fp parameters.
Ubuntu-Description:
Notes:
 mdeslaur> git in dapper and hardy is something unrelated
 sbeattie> fix is needed in hardy, though half the functions that it
  applies to don't exist. Also needs examination for other locations.
  Did not inspect dapper.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_git:
Tags_git: universe-binary
upstream_git: released (1.7.3.4)
dapper_git: not-affected (unrelated package)
hardy_git: not-affected (unrelated package)
karmic_git: DNE
lucid_git: DNE
maverick_git: released (1:1.7.1-1.1ubuntu0.1)
natty_git: not-affected (1:1.7.2.3-2.2)
oneiric_git: not-affected (1:1.7.2.3-2.2)
devel_git: not-affected (1:1.7.2.3-2.2)

Patches_git-core:
Tags_git-core: universe-binary
upstream_git-core: released (1.7.3.4)
dapper_git-core: ignored (reached end-of-life)
hardy_git-core: ignored (reached end-of-life)
karmic_git-core: released (1:1.6.3.3-2ubuntu0.1)
lucid_git-core: released (1:1.7.0.4-1ubuntu0.2)
maverick_git-core: DNE
natty_git-core: DNE
oneiric_git-core: DNE
devel_git-core: DNE