From mboxrd@z Thu Jan 1 00:00:00 1970
From: cgit at cryptocrack.de (Lukas Fleischer)
Date: Mon, 29 Sep 2014 22:32:23 +0200
Subject: Integration with Bugzilla?
In-Reply-To: <5429A5F8.1050504@hupie.com>
References: <5429A06C.30707@hupie.com> <20140929183049.1785.85360@typhoon.lan> <5429A5F8.1050504@hupie.com>
Message-ID: <20140929203223.2104.57735@typhoon.lan>

On Mon, 29 Sep 2014 at 20:33:28, Ferry Huberts wrote:
> [...]
> my server is guaranteed to have bash, so no need to change it.
> but thanks for the hint anyway :-)
>

I am not (only) talking about portability here. My main concern is the
current spate of bash vulnerabilities. As John pointed out earlier [1],
these can be used to remotely exploit any cgit setup that uses a bash
filter. We currently have at least five CVEs, some of which are very
critical. So if you really want to use bash, you should at least closely
follow the developments and always update your bash binary when there's
a new security patch.

> also, this script is a very minor modification of the script that's in
> the source tree.
>
> --
> Ferry Huberts
>

[1] http://lists.zx2c4.com/pipermail/cgit/2014-September/002236.html
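
An added example, not part of the original message or of cgit's source tree: a small audit that lists which filters configured in a cgitrc are interpreted by bash, including through a symlinked /bin/sh, so an administrator knows which setups depend on a patched bash binary. It assumes filter settings of the form "<name>-filter=[exec:|lua:]<path>"; the function names and the script name are hypothetical.

```sh
#!/bin/sh
# Added example: report cgit filters that end up running bash.
# Assumption: cgitrc settings look like "<name>-filter=[exec:|lua:]<path>".
# Usage: sh audit-filters.sh /etc/cgitrc   (script name is hypothetical)

# Print the interpreter named on a script's "#!" line, looking through env.
shebang_interp() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\000')
    case $first in
        '#!'*) ;;
        *) return 1 ;;            # missing file, binary, or no shebang
    esac
    set -- ${first#??}            # split the rest of the line into words
    if [ "${1##*/}" = env ]; then
        shift
        while [ $# -gt 0 ]; do    # skip env options such as -S
            case $1 in -*) shift ;; *) break ;; esac
        done
    fi
    [ $# -gt 0 ] || return 1
    printf '%s\n' "$1"
}

# True if the interpreter is bash, also when reached through a symlink
# (for example /bin/sh pointing at bash).
is_bash() {
    case $1 in
        */*) path=$1 ;;
        *) path=$(command -v "$1" 2>/dev/null) || path=$1 ;;
    esac
    resolved=$(readlink -f "$path" 2>/dev/null) || resolved=$path
    [ "${resolved##*/}" = bash ]
}

# Print "<setting> <script>" for every exec filter interpreted by bash.
audit_cgitrc() {
    sed -n 's/^[[:space:]]*\([a-z.]*-filter\)[[:space:]]*=[[:space:]]*\(.*\)$/\1 \2/p' "$1" |
    while read -r key value; do
        case $value in
            lua:*) continue ;;               # lua: filters are not shell scripts
            exec:*) value=${value#exec:} ;;
        esac
        interp=$(shebang_interp "$value") || continue
        if is_bash "$interp"; then printf '%s %s\n' "$key" "$value"; fi
    done
}

if [ $# -gt 0 ]; then audit_cgitrc "$1"; fi
```

The check only looks at each filter's shebang line; a filter written in another language that itself invokes bash is not detected.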