Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

viewcvs settings not honored

Package(s):

viewcvs

CVE #(s):

CAN-2004-0915

Created:

December 6, 2004

Updated:

December 28, 2004

Description:

Hajvan Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive the hide_cvsroot and forbidden settings were not honored.

Alerts:

Gentoo	200412-26	2004-12-28
Debian	DSA-605-1	2004-12-06

(Log in to post comments)