Fedora 10 Update FEDORA-2009-8501 Critical: ViewVC XSS Prevention Fix
fedora
August 12, 2009
CHANGES in 1.0.9: - security fix: validate the 'view' parameter to avoid XSS
attack - security fix: avoid printing illegal parameter names and values
Also includes: Patch ...
Summary
ViewVC is a browser interface for CVS and Subversion version control
repositories. It generates templatized HTML to present navigable directory,
revision, and change log listings. It can display specific versions of files
as well as diffs between those versions. Basically, ViewVC provides the bulk
of the report-like functionality you expect out of your version control tool,
but much more prettily than the average textual command-line program output.
Update Information:
CHANGES in 1.0.9: - security fix: validate the 'view' parameter to avoid XSS attack - security fix: avoid printing illegal parameter names and values Also includes: Patch by Patrick Monnerat to make allow_tar work on F-10.
Change Log
* Wed Aug 12 2009 Bojan Smojver
References
[ 1 ] Bug #513006 - "allow_tar" option does not work
https://bugzilla.redhat.com/show_bug.cgi?id=513006
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update viewvc' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: viewvc
Product: Fedora 10
Version: 1.0.9
Release: 1.fc10
Summary: Browser interface for CVS and SVN version control repositories
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!