{"affected":[{"ecosystem_specific":{"binaries":[{"gitolite":"3.6.11-bp150.3.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15","name":"gitolite","purl":"pkg:rpm/suse/gitolite&distro=SUSE%20Package%20Hub%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.6.11-bp150.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"gitolite":"3.6.11-bp150.3.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"gitolite","purl":"pkg:rpm/opensuse/gitolite&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.6.11-bp150.3.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for gitolite fixes the following security issue:\n\n- CVE-2018-20683: The rsync command line was not handled correctly, allow malicious rsync options (boo#1121570)\n\nThe version update to 3.6.11 also contains a number of upstream bug fixes.\n","id":"openSUSE-SU-2019:0054-1","modified":"2019-03-23T09:56:50Z","published":"2019-03-23T09:56:50Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I4CQ24NPVY3XBLHSV4P3ZA6O6CYT6HON/#I4CQ24NPVY3XBLHSV4P3ZA6O6CYT6HON"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121570"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20683"}],"related":["CVE-2018-20683"],"summary":"Security update for gitolite","upstream":["CVE-2018-20683"]}