bug / pagure

Clone
Source Code
GIT

9d1740 Enforce that remote PR rely on a remote git repository

Authored and Committed by Pierre-Yves Chibon 6 years ago
raw patch tree parent
3 files changed. 169 lines added. 142 lines removed.
pagure/forms.py
file modified
+4 -1
pagure/utils.py
file modified
+1 -1
tests/test_pagure_flask_ui_remote_pr.py
file modified
+164 -140 
    Enforce that remote PR rely on a remote git repository
    
    Otherwise, potentially, this could lead to leaking out private information
    if someone manages to open a remote PR from a private project stored of
    this pagure instance.
    
    This commit fixes the CVE: CVE-2018-1002158
    Thanks to Patrick Uiterwijk for reporting it!
    
    Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr></pingou@pingoured.fr>
file modified
+4 -1
file modified
+1 -1
file modified
+164 -140

Powered by Pagure 5.7.4

SSH Hostkey/Fingerprint | Documentation | About

© 2014-2019 Red Hat, Inc. and others.

Logo by Pavel Lashutin