drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in ViewVC
| Name: |
Cross-Site Scripting in ViewVC |
|
| ID: |
FEDORA-2012-16646 |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora 18 |
|
| Datum: |
Fr, 23. November 2012, 10:20 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4533 |
|
| Applikationen: |
ViewVC |
|
Originalnachricht |
Name : viewvc
Product : Fedora 18
Version : 1.1.17
Release : 2.fc18
URL : http://www.viewvc.org/
Summary : Browser interface for CVS and SVN version control repositories
Description :
ViewVC is a browser interface for CVS and Subversion version control
repositories. It generates templatized HTML to present navigable directory,
revision, and change log listings. It can display specific versions of files
as well as diffs between those versions. Basically, ViewVC provides the bulk
of the report-like functionality you expect out of your version control tool,
but much more prettily than the average textual command-line program output.
-------------------------------------------------------------------------------
-
Update Information:
Patch CVE-2012-4533.
Version 1.1.16
- security fix: escape "extra" diff info to avoid XSS attack (issue
#515)
- add 'binary_mime_types' configuration option and handling (issue
#510)
- fix 'select for diffs' persistence across log pages (issue #512)
- remove lock status and filesize check on directories in remote SVN views
- fix bogus 'Annotation of' page title for non-annotated view (issue
#514)
Version 1.1.17 (released 25-Oct-2012)
- fix exception caused by uninitialized variable usage (issue #516)
-------------------------------------------------------------------------------
-
References:
[ 1 ] Bug #868606 - CVE-2012-4533 viewvc: lib/viewvc.py XSS
https://bugzilla.redhat.com/show_bug.cgi?id=868606
-------------------------------------------------------------------------------
-
This update can be installed with the "yum" update program. Use
su -c 'yum update viewvc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|
