| From: | opensuse-security@opensuse.org |
| To: | opensuse-updates@opensuse.org |
| Subject: | openSUSE-SU-2012:0831-1: moderate: update for viewvc |
| Date: | Wed, 4 Jul 2012 09:09:57 +0200 (CEST) |
| Message-ID: | <20120704070957.78D3032849@maintenance.suse.de> |
openSUSE Security Update: update for viewvc
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0831-1
Rating: moderate
References: #768680
Cross-References: CVE-2012-3356 CVE-2012-3357
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
- update to 1.1.15 (bnc#768680):
  * security fix: complete authz support for remote SVN views (CVE-2012-3356)
  * security fix: log msg leak in SVN revision view with unreadable copy source (CVE-2012-3357)
  Additionally the following non-security issues have been addressed:
  * fix several instances of incorrect information in remote SVN views
  * increase performance of some revision metadata lookups in remote SVN views
  * fix RSS feed regression introduced in 1.1.14
  * fix annotation of svn files with non-URI-safe paths
  * handle file:/// Subversion rootpaths as local roots
  * fix bug caused by trying to case-normalize anon usernames
  * speed up log handling by reusing tokenization results
  * add support for custom review log markup rules
  * fix svndbadmin failure on deleted paths under Subversion 1.7
  * fix annotation of files in svn roots with non-URI-safe paths
  * fix stray annotation warning in markup display of images
  * more gracefully handle attempts to display binary content
  * fix path display in patch and certain diff views
  * fix broken cvsdb glob searching
  * allow svn revision specifiers to have leading r's
  * allow environmental override of configuration location
  * fix exception HTML-escaping non-string data under WSGI
  * add links to root logs from roots view
  * use Pygments lexer-guessing functionality
- add supplements for apache2/subversion-server
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
  zypper in -t patch openSUSE-2012-363
- openSUSE 11.4:
  zypper in -t patch openSUSE-2012-363
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (noarch):
  viewvc-1.1.15-4.4.1
- openSUSE 11.4 (noarch):
  viewvc-1.1.15-6.1
References:
http://support.novell.com/security/cve/CVE-2012-3356.html
http://support.novell.com/security/cve/CVE-2012-3357.html
https://bugzilla.novell.com/768680