~sircmpwn/sr.ht-admins

Security vulnerabilities require urgent updates to hg.sr.ht, git.sr.ht

Message ID: <CRLGGK24TGZU.2WWQ9F6CBBBNE@taiga>
DKIM signature: missing

hg.sr.ht and git.sr.ht versions prior to 0.32.3 and 0.83.5 respectively
were vulnerable to command injection, which allows a remote user to
execute arbitrary commands as the hg or git user on the host.

Administrators of third-party SourceHut instances are advised to upgrade
your instance to hg.sr.ht 0.32.3 or newer and git.sr.ht 0.83.5 or newer
urgently.

Thanks to Thomas Chauchefoin for discovering and responsibly disclosing
these vulnerabilities.