Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

viewvc: cross-site scripting

Package(s):

viewvc

CVE #(s):

CVE-2012-4533

Created:

October 24, 2012

Updated:

November 6, 2012

Description:

From the Debian advisory:

"function name" lines returned by diff are not properly escaped, allowing attackers with commit access to perform cross site scripting.

Alerts:

Debian	DSA-2563-1	2012-10-23
Mageia	MGASA-2012-0313	2012-10-29
Fedora	FEDORA-2012-16674	2012-11-06
Fedora	FEDORA-2012-16673	2012-11-06
Mandriva	MDVSA-2013:134	2013-04-10

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds