Publishing details

Published on 2012-11-21
Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot

Changelog

viewvc (1.1.5-1.1+squeeze2build0.12.04.1) precise-security; urgency=low

  * fake sync from Debian

viewvc (1.1.5-1.1+squeeze2) stable-security; urgency=high

  * Non-maintainer upload.
  * CVE-2012-4533: Fix XSS in commit message view. Found and patch provided
    by Nicolás Alvarez (closes: #691062).

viewvc (1.1.5-1.1+squeeze1) stable-security; urgency=high

  * Non-maintainer upload.

  [ gregor herrmann ]
  * [SECURITY] Fix "CVE-2012-3356 / CVE-2012-3357":
    - CVE-2012-3356: * security fix: complete authz support for remote SVN views
    - CVE-2012-3357: * security fix: log msg leak in SVN revision view with
                     unreadable copy source
    Add patches "CVE-2012-3356" and "CVE-2012-3357", taken from upstream svn.
    (Closes: #679069)
  * Fix "viewvc runs extremely slowly (~15s per page)":
    backport upstream commit r2471 as new patch compression-content-length:
    don't set Content-Length when compression is used.
    (Closes: #636805)

  [ Ben Hutchings ]
  * view_query: No longer allow an undocumented URL parameter to
    override the admin-declared SQL row limit, which could result
    in excessive CPU usage and memory consumption (CVE-2009-5024)
    (Closes: #671482)
 -- Marc Deslauriers <email address hidden>   Wed, 21 Nov 2012 09:47:06 -0500

Available diffs

diff from 1.1.5-1.1 (in Ubuntu) to 1.1.5-1.1+squeeze2build0.12.04.1 (11.6 KiB)

Builds

i386

Built packages

viewvc web interface for CVS and/or Subversion repositories

viewvc-query utility to query CVS and Subversion commit database

Package files

viewvc-query_1.1.5-1.1+squeeze2build0.12.04.1_all.deb (11.6 KiB)
viewvc_1.1.5-1.1+squeeze2build0.12.04.1.diff.gz (29.8 KiB)
viewvc_1.1.5-1.1+squeeze2build0.12.04.1.dsc (1.9 KiB)
viewvc_1.1.5-1.1+squeeze2build0.12.04.1_all.deb (493.5 KiB)
viewvc_1.1.5.orig.tar.gz (579.7 KiB)