Package: cgit
Version: 0.12.0.git2.7.0-1
Severity: grave
Tags: security upstream
Justification: user security hole

Dear Maintainer,

The above version of cgit embeds git 2.7.0, which is affected by CVE-2016-2315 [1]. The update to cgit 1.0 [2, 3] includes git 2.8.3, which fixes the issue.

[1] https://security-tracker.debian.org/tracker/CVE-2016-2315
[2] http://article.gmane.org/gmane.comp.version-control.cgit/3076
[3] https://bugs.debian.org/826764

Regards,
Peter