Sicherheit: Cross-Site Scripting in ViewVC
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in ViewVC
ID: FEDORA-2017-bd3c3c957f
Distribution: Fedora
Plattformen: Fedora 25
Datum: Do, 9. Februar 2017, 07:32
Referenzen: Keine Angabe
Applikationen: ViewVC


Name        : viewvc
Product : Fedora 25
Version : 1.1.26
Release : 1.fc25
URL : http://www.viewvc.org/
Summary : Browser interface for CVS and SVN version control repositories
Description :
ViewVC is a browser interface for CVS and Subversion version control
repositories. It generates templatized HTML to present navigable directory,
revision, and change log listings. It can display specific versions of files
as well as diffs between those versions. Basically, ViewVC provides the bulk
of the report-like functionality you expect out of your version control tool,
but much more prettily than the average textual command-line program output.

Update Information:

Version 1.1.26 (released 24-Jan-2017) * security fix: escape nav_data name
avoid XSS attack Version 1.1.25 (released 15-Sep-2016) * fix _rev2optrev
assertion on long input

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade viewvc' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Unterstützer werden
Neue Nachrichten