Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 30: FEDORA-2020-c952520959 Moderate: ViewVC XSS Threat Fix

fedora
Calendar Grey May 15, 2020
Dist Fedora Esm H88
Fedora Upgrade for ViewVC 1.1.29 addressing CVE-2021-1234 XSS issue, improving functionalities and safety.
Fix for CVE-2020-5283

Summary

ViewVC is a browser interface for CVS and Subversion version control

repositories. It generates templatized HTML to present navigable directory,

revision, and change log listings. It can display specific versions of files

as well as diffs between those versions. Basically, ViewVC provides the bulk

of the report-like functionality you expect out of your version control tool,

but much more prettily than the average textual command-line program output.

Fix for CVE-2020-5283. ViewVC 1.1.28 ChangeLog - security fix: escape subdir

lastmod file name (#211) - fix standalone.py first request failure (#195)

ViewVC 1.1.27 ChangeLog: - suppress stack traces (with option to show) (#140)

- distinguish text/binary/image files by icons (#166, #175) - colorize

alternating file content lines (#167) - link to the instance root from the

ViewVC logo (#168) - display directory and root counts, too (#169) - fix double

fault error in standalone.py (#157) - support timezone offsets with minutes

piece (#176)

* Wed May 6 2020 Bojan Smojver - 1.1.28-1

- bump up to 1.1.28

- CVE-2020-5283

[ 1 ] Bug #1831804 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [fedora-30]

https://bugzilla.redhat.com/show_bug.cgi?id=1831804

[ 2 ] Bug #1831805 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [epel-6]

https://bugzilla.redhat.com/show_bug.cgi?id=1831805

[ 3 ] Bug #1831806 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=1831806

su -c 'dnf upgrade --advisory FEDORA-2020-c952520959' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory software update Fedora XSS version control threat fix

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 1.1.28
Release: 1.fc30
URL: https://www.viewvc.org/
Summary: Browser interface for CVS and SVN version control repositories

Topics%20covered

Topics Covered

security advisory software update Fedora XSS version control threat fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here