CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
EPSS: 0.03 Low (Percentile: 90.9%)

Sebastian Harl uploaded new packages for git which fixed the following
security problem:

CVE-2010-3906, Debian Bug #607248

Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier
allows remote attackers to inject arbitrary web script or HTML via the
(1) f and (2) fp parameters.

For the lenny-backports distribution the problem has been fixed in
version 1:1.7.2.3-2.2~bpo50+1.

For the oldstable (lenny) distribution the problem has been fixed in
version 1:1.5.6.5-3+lenny3.3.

For the stable (squeeze), testing (wheezy) and unstable (sid)
distributions the problem has been fixed in version 1:1.7.2.3-2.2.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.

[1] <http://backports.debian.org/Instructions>

We recommend pinning the backports repository to 200 so that new
versions of installed backports will be installed automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Debian | 999 | all | gitk | < 1:1.7.2.3-2.2 | gitk_1:1.7.2.3-2.2_all.deb |
Debian | 7 | all | git-doc | < 1:1.7.2.3-2.2 | git-doc_1:1.7.2.3-2.2_all.deb |
Debian | 6 | all | git-daemon-run | < 1:1.7.2.3-2.2 | git-daemon-run_1:1.7.2.3-2.2_all.deb |
Debian | 7 | amd64 | git | < 1:1.7.2.3-2.2 | git_1:1.7.2.3-2.2_amd64.deb |
Debian | 7 | ia64 | git | < 1:1.7.2.3-2.2 | git_1:1.7.2.3-2.2_ia64.deb |
Debian | 7 | all | git-email | < 1:1.7.2.3-2.2 | git-email_1:1.7.2.3-2.2_all.deb |
Debian | 999 | all | gitweb | < 1:1.7.2.3-2.2 | gitweb_1:1.7.2.3-2.2_all.deb |
Debian | 7 | powerpc | git | < 1:1.7.2.3-2.2 | git_1:1.7.2.3-2.2_powerpc.deb |
Debian | 6 | all | git-arch | < 1:1.7.2.3-2.2 | git-arch_1:1.7.2.3-2.2_all.deb |
Debian | 999 | kfreebsd-amd64 | git | < 1:1.7.2.3-2.2 | git_1:1.7.2.3-2.2_kfreebsd-amd64.deb |