Control: retitle -1 gitolite3: CVE-2018-20683: security issue in optional
bundle helper ("rsync" command)
On Wed, Jan 09, 2019 at 10:44:51PM +0100, Salvatore Bonaccorso wrote:
> Source: gitolite3
> Version: 3.6.9-1
> Severity: important
> Tags: patch security upstream
>
> From
> https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae
>
> > Nick Cleaton (n...@cleaton.net) found and reported a security issue
> > caused by trusting the remote rsync too much. It appears that rsync
> > cannot -- without special precautions -- be used in any "restricted"
> > environment.
[...]
This issue has been assigned CVE-2018-20683.
Regards,
Salvatore
