Fedora 30: viewvc FEDORA-2020-c952520959
Summary
ViewVC is a browser interface for CVS and Subversion version control
repositories. It generates templatized HTML to present navigable directory,
revision, and change log listings. It can display specific versions of files
as well as diffs between those versions. Basically, ViewVC provides the bulk
of the report-like functionality you expect out of your version control tool,
but much more prettily than the average textual command-line program output.
Fix for CVE-2020-5283. ViewVC 1.1.28 ChangeLog - security fix: escape subdir
lastmod file name (#211) - fix standalone.py first request failure (#195)
ViewVC 1.1.27 ChangeLog: - suppress stack traces (with option to show) (#140)
- distinguish text/binary/image files by icons (#166, #175) - colorize
alternating file content lines (#167) - link to the instance root from the
ViewVC logo (#168) - display directory and root counts, too (#169) - fix double
fault error in standalone.py (#157) - support timezone offsets with minutes
piece (#176)
* Wed May 6 2020 Bojan Smojver
- bump up to 1.1.28
- CVE-2020-5283
[ 1 ] Bug #1831804 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [fedora-30]
https://bugzilla.redhat.com/show_bug.cgi?id=1831804
[ 2 ] Bug #1831805 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1831805
[ 3 ] Bug #1831806 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1831806
su -c 'dnf upgrade --advisory FEDORA-2020-c952520959' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2020-c952520959 2020-05-15 04:09:52.670496 Product : Fedora 30 Version : 1.1.28 Release : 1.fc30 URL : https://www.viewvc.org/ Summary : Browser interface for CVS and SVN version control repositories Description : ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bulk of the report-like functionality you expect out of your version control tool, but much more prettily than the average textual command-line program output. Fix for CVE-2020-5283. ViewVC 1.1.28 ChangeLog - security fix: escape subdir lastmod file name (#211) - fix standalone.py first request failure (#195) ViewVC 1.1.27 ChangeLog: - suppress stack traces (with option to show) (#140) - distinguish text/binary/image files by icons (#166, #175) - colorize alternating file content lines (#167) - link to the instance root from the ViewVC logo (#168) - display directory and root counts, too (#169) - fix double fault error in standalone.py (#157) - support timezone offsets with minutes piece (#176) * Wed May 6 2020 Bojan Smojver - 1.1.28-1 - bump up to 1.1.28 - CVE-2020-5283 [ 1 ] Bug #1831804 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [fedora-30] https://bugzilla.redhat.com/show_bug.cgi?id=1831804 [ 2 ] Bug #1831805 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1831805 [ 3 ] Bug #1831806 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1831806 su -c 'dnf upgrade --advisory FEDORA-2020-c952520959' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References