Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 649
    • Issues 649
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 204
    • Merge Requests 204
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #9884

Closed
Open
Opened Jan 21, 2019 by Alicha CH@alichaReporter

[3.9] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)

commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows
attackers to have a “bad” impact by triggering use of an option other than -v, -n, -q, or -P.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-20683
https://github.com/sitaramc/gitolite/blob/master/CHANGELOG

Patch:

https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae

(from redmine: issue id 9884, created on 2019-01-21, closed on 2019-01-24)

  • Relations:
    • parent #9883 (closed)
  • Changesets:
    • Revision 87c443db by Natanael Copa on 2019-01-23T19:14:38Z:
main/gitolite: security upgrade to 3.6.11 (CVE-2018-20683)

fixes #9884
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
3.9.0
Milestone
3.9.0 (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: alpine/aports#9884