openSUSE Security Update : git-web (openSUSE-SU-2011:0705-1)
High Nessus Plugin ID 75517
Synopsis
The remote openSUSE host is missing a security update.
Description
Users with commit access to repositories served by git-web could cause cross-site scripting (XSS) issues with XML files (CVE-2011-2186).
Because its /etc/mime.types is formatted differently, openSUSE is not affected by default.
This update nevertheless turns on git-web's XSS protection mechanism to avoid similar problems in the future.
To turn XSS protection off again, put the following line in /etc/gitweb.conf:
$prevent_xss = 0;
Solution
Update the affected git-web package.