siddharthvipul1 / pagure

Forked from pagure 4 years ago

9d1740a Enforce that remote PR rely on a remote git repository

Authored and Committed by pingou 5 years ago
    Enforce that remote PR rely on a remote git repository
    
    Otherwise, potentially, this could lead to leaking out private information
    if someone manages to open a remote PR from a private project stored on
    this pagure instance.
    
    This commit fixes the CVE: CVE-2018-1002158
    Thanks to Patrick Uiterwijk for reporting it!
    
    Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
    
        
file modified
+4 -1
file modified
+1 -1