Package: cgit / 0.10.2.git2.0.1-3+deb8u1

Metadata

Package: cgit
Version: 0.10.2.git2.0.1-3+deb8u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
debianize_makefile

Makefile | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
fix_status_code_for_unknown_repos

tests/t0112-no-repo-found.sh | 12 12 + 0 - 0 !
ui-repolist.c | 51 38 + 13 - 0 !
2 files changed, 50 insertions(+), 13 deletions(-)

 return a proper status code when there is no repository found


hardening

cgit.conf | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 add hardening
 Add hardening to cgit.

ui blob Do not accept mimetype from user.patch

cgit.c | 2 0 + 2 - 0 !
cgit.h | 1 0 + 1 - 0 !
ui-blob.c | 1 0 + 1 - 0 !
3 files changed, 4 deletions(-)

 [patch] ui-blob: do not accept mimetype from user


ui shared prevent malicious filename from injecting .patch

html.c | 26 26 + 0 - 0 !
html.h | 1 1 + 0 - 0 !
ui-shared.c | 8 5 + 3 - 0 !
3 files changed, 32 insertions(+), 3 deletions(-)

 [patch] ui-shared: prevent malicious filename from injecting headers


filter avoid integer overflow in authenticate_post.patch

cgit.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] filter: avoid integer overflow in authenticate_post

ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.

Reported-by: Erik Cabetas
Signed-off-by: Jason A. Donenfeld

filters apply HTML escaping.patch

filters/html-converters/txt2html | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] filters: apply html escaping

http://www.w3.org/International/questions/qa-escapes#use