{"id":"MGASA-2019-0058","summary":"Updated gitolite packages fixes security vulnerability","details":"In commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables\nrsync, mishandles the rsync command line, which allows attackers to have\na \"bad\" impact by triggering use of an option other than -v, -n, -q, or\n-P (CVE-2018-20683).\n","modified":"2026-01-30T16:27:26.950013Z","published":"2019-01-31T22:55:16Z","related":["CVE-2018-20683"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0058.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24210"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2019-01/msg00062.html"}],"affected":[{"package":{"name":"gitolite","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/gitolite?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.11-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0058.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}