Comment 4 for bug 1787021

This bug was fixed in the package cgit - 1.1+git2.10.2-3ubuntu0.1

---------------
cgit (1.1+git2.10.2-3ubuntu0.1) bionic-security; urgency=high

  * SECURITY UPDATE: Directory traversal vulnerability.
    - d/p/clone-fix-directory-traversal.patch:
      This fixes a directory traversal vulnerability in CGit
      before 1.2.1 when `enable-http-clone=1` is not turned off,
      as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
    - CVE-2018-14912 (LP: #1787021)

 -- Unit 193 <email address hidden> Tue, 14 Aug 2018 15:57:15 -0400