CVE-2010-3906
Published: 17 December 2010
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
Notes
Author | Note |
---|---|
mdeslaur | git in dapper and hardy is something unrelated |
sbeattie | fix is needed in hardy, though half the functions that it applies to don't exist. Also needs examination for other locations. Did not inspect dapper. |
Priority
Status
Package | Release | Status |
---|---|---|
git Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(unrelated package)
|
hardy |
Not vulnerable
(unrelated package)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Released
(1:1.7.1-1.1ubuntu0.1)
|
|
natty |
Not vulnerable
(1:1.7.2.3-2.2)
|
|
oneiric |
Not vulnerable
(1:1.7.2.3-2.2)
|
|
upstream |
Released
(1.7.3.4)
|
|
Binaries built from this source package are in Universe and so are supported by the community. | ||
git-core Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
karmic |
Released
(1:1.6.3.3-2ubuntu0.1)
|
|
lucid |
Released
(1:1.7.0.4-1ubuntu0.2)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Released
(1.7.3.4)
|
|
Binaries built from this source package are in Universe and so are supported by the community. |