Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <5264B39B.3040607@gmail.com>
Date: Mon, 21 Oct 2013 10:24:51 +0530
From: Sitaram Chamarty <sitaramc@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: gitolite world writable files for fresh installs of
 v3.5.3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Announcement:
    https://groups.google.com/forum/#!topic/gitolite/Tu1sjaf7A4A/discussion

Code change:
    https://github.com/sitaramc/gitolite/commit/3dad4f8e3214d6ab5f71823019a624fa48b055a3
        (or)
    http://code.google.com/p/gitolite/source/detail?r=3dad4f8e3214d6ab5f71823019a624fa48b055a3#

Brief description (main points of announcement):
    Fresh installs between fa06a34 (approx Sep 3rd) and v3.5.3,
    inclusive, create a few world writable files.  Sites which installed
    before that date are not affected, even if they subsequently
    upgraded to the faulty commit or beyond.  Affected sites need to run
    a one-time 'chmod -R' to fix.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSZLOUAAoJEKRCkIUIgjelLpQP/AzeupcvdnTZE2vycwn5nXA+
Elk/NzHA8sfXGy220FPJMWI4Ke6rpvq8dXWqBAwFWtrpVvFK67Hm08SCFaneCglk
PacUfs1j5n2rYjOwDu8OExSpjYcbkEPRNw/KxXdpOHjTG64n7uMGbCntWoOfvyn7
NfGL94eDFWTbeiXX58vqdEQoQWrJEI9ldTuozwv/b3O6XCSE9Z3XTortkXmBHv2U
7SvP1IZm5+ZPOUNV7tOy2U9IjdBB6ncbAGDbhZZTwJfIT0IZCXZ5a0ECRZ/j9zAr
7QHeDxNyBFAuz0QsO/b2WV9e0gQX3cEVdPofjGLcX4BbncxI/WaSnOpH0YSjanID
C/SCThJXfJ1s+L26FVKPNsf5eAVPYLkX1OeEqCfM5arioDXuKbMSBM2rkKxEcxYA
+23GtkG4rHxmWjTsFXAKhMO82x0PIH4tpH1JpHZpAuk+A6i8Ex9O7fxs/D+C1Y9B
dyoQC1dIRkJfz5w0KVCEj+/Z8seMWpUKf8o63BKgfMFabd7tdPClR2ly1R9Y2ckP
VVSkk5zyjppjv+MHPiMp/4kWtPs+xL41+nmbpnyc+rDlbcEus7+ggHCwZnlLqFuf
CLsjy42VJsULxnsdpTIlM6iDxO6YP/aKT4bX8IiEnHyHG3BoqxmnmNAQrehjdLVl
oF5XJs1MkTmzPttHx9zY
=LUfF
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.