[haiku-commits] [NOTICE] cgit http clone disabled due to CVE-2018-14912

  • From: "Alexander von Gluck IV" <kallisti5@xxxxxxxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx, haiku-commits@xxxxxxxxxxxxx
  • Date: Sat, 04 Aug 2018 00:09:38 +0000

Good evening,

Waddlesplash alerted me to CVE-2018-14912, published this afternoon.

 https://nvd.nist.gov/vuln/detail/CVE-2018-14912

cgit allows read access to the entire filesystem when http clones are 
enabled.

I've temporarily disabled http/https clones until we can get it upgraded.
Since cgit is in an isolated Docker container, no risk of data exposure or 
compromise is present.

The GitHub mirrors are a great option if you need http/https access to our 
repositories until fixed.

Thanks!

 -- Alexander von Gluck IV
