#1120 Heads-up on gitweb security issues
Closed: Fixed None Opened 15 years ago by thoger.

This is just a heads-up for the security issues that were discovered in gitweb, that are likely to affect the instance running on git.fedorahosted.org (1.5.5.6 according to the page's source code).

Details and patches in: https://bugzilla.redhat.com/show_bug.cgi?id=479715


Ricky's working to actively exploit this issue; I'm rebuilding git-1.6.0 (or attempting to) and tmz is working to apply the patches.

K, I've just disabled the git_snapshot functions and the git_search functions. The web interface should be just fine; people will just get a 403 error if they try to do any searching or snapshot stuff (whatever that is).

1.6.0 didn't rebuild cleanly for me so tmz is looking at it.

We successfully reproduced the exploit and now have an updated package installed. The search and snapshot capabilities should be restored now.

Yep, this is all fixed. Closing ticket.
