User: Password:
|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2012-16674 (viewvc)

From:  updates@fedoraproject.org
To:  package-announce@lists.fedoraproject.org
Subject:  [SECURITY] Fedora 17 Update: viewvc-1.1.17-1.fc17
Date:  Tue, 06 Nov 2012 07:49:59 +0000
Message-ID:  <20121106074959.71D4620BAC@bastion01.phx2.fedoraproject.org>
Archive-link:  Article, Thread

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2012-16674 2012-10-23 01:30:16 -------------------------------------------------------------------------------- Name : viewvc Product : Fedora 17 Version : 1.1.17 Release : 1.fc17 URL : http://www.viewvc.org/ Summary : Browser interface for CVS and SVN version control repositories Description : ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bulk of the report-like functionality you expect out of your version control tool, but much more prettily than the average textual command-line program output. -------------------------------------------------------------------------------- Update Information: Patch CVE-2012-4533. Version 1.1.16 - security fix: escape "extra" diff info to avoid XSS attack (issue #515) - add 'binary_mime_types' configuration option and handling (issue #510) - fix 'select for diffs' persistence across log pages (issue #512) - remove lock status and filesize check on directories in remote SVN views - fix bogus 'Annotation of' page title for non-annotated view (issue #514) Version 1.1.17 (released 25-Oct-2012) - fix exception caused by uninitialized variable usage (issue #516) -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 26 2012 Bojan Smojver <bojan@rexursive.com> - 1.1.17-1 - bump up to 1.1.17 * Thu Oct 25 2012 Bojan Smojver <bojan@rexursive.com> - 1.1.16-1 - bump up to 1.1.16 - drop patch for CVE-2012-4533, part of the release * Mon Oct 22 2012 Bojan Smojver <bojan@rexursive.com> - 1.1.15-3 - patch CVE-2012-4533, bug #868606 * Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sat Jun 23 2012 Bojan Smojver <bojan@rexursive.com> - 1.1.15-1 - bump up to 1.1.15 * Wed Jun 13 2012 Bojan Smojver <bojan@rexursive.com> - 1.1.14-1 - bump up to 1.1.14 -------------------------------------------------------------------------------- References: [ 1 ] Bug #868606 - CVE-2012-4533 viewvc: lib/viewvc.py XSS https://bugzilla.redhat.com/show_bug.cgi?id=868606 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update viewvc' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds