Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot
Changelog
viewvc (1.1.5-1.1+squeeze2build0.12.04.1) precise-security; urgency=low

  * fake sync from Debian

viewvc (1.1.5-1.1+squeeze2) stable-security; urgency=high

  * Non-maintainer upload.
  * CVE-2012-4533: Fix XSS in commit message view. Found and patch provided
    by Nicolás Alvarez (closes: #691062).

viewvc (1.1.5-1.1+squeeze1) stable-security; urgency=high

  * Non-maintainer upload.

  [ gregor herrmann ]
  * [SECURITY] Fix "CVE-2012-3356 / CVE-2012-3357":
    - CVE-2012-3356: * security fix: complete authz support for remote SVN views
    - CVE-2012-3357: * security fix: log msg leak in SVN revision view with
      unreadable copy source
    Add patches "CVE-2012-3356" and "CVE-2012-3357", taken from upstream svn.
    (Closes: #679069)
  * Fix "viewvc runs extremely slowly (~15s per page)":
    backport upstream commit r2471 as new patch compression-content-length:
    don't set Content-Length when compression is used.
    (Closes: #636805)

  [ Ben Hutchings ]
  * view_query: No longer allow an undocumented URL parameter to
    override the admin-declared SQL row limit, which could result
    in excessive CPU usage and memory consumption (CVE-2009-5024)
    (Closes: #671482)

 -- Marc Deslauriers <email address hidden>  Wed, 21 Nov 2012 09:47:06 -0500