Dear Debian Security Team, I believe that cgit versions before 1.0 are affected by both CVE-2016-2315 and CVE-2016-2324. I did not include the latter when reporting this bug initially since it was not mentioned in the release announcement for cgit 1.0.
Regards, Peter _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
