Security vulnerabilities require urgent updates to hg.sr.ht, git.sr.ht

Message ID
DKIM signature
Download raw message
hg.sr.ht and git.sr.ht versions prior to 0.32.3 and 0.83.5 respectively
were vulnerable to command injection, which allows a remote user to
execute arbitrary commands as the hg or git user on the host.

Administrators of third-party SourceHut instances are advised to upgrade
your instance to hg.sr.ht 0.32.3 or newer and git.sr.ht 0.83.5 or newer

Thanks to Thomas Chauchefoin for discovering and responsibly disclosing
these vulnerabilities.
Reply to thread Export thread (mbox)