Ubuntu

“viewvc” 1.1.5-1.1+squeeze2build0.12.04.1 source package in The Precise Pangolin

Publishing history

1.1.5-1.1+squeeze2build0.12.04.1
PUBLISHED: Precise pocket Updates in component universe and section devel
  • Published on 2012-11-21
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot
1.1.5-1.1+squeeze2build0.12.04.1
PUBLISHED: Precise pocket Security in component universe and section devel
  • Published on 2012-11-21
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Marc Deslauriers

Changelog

viewvc (1.1.5-1.1+squeeze2build0.12.04.1) precise-security; urgency=low

  * fake sync from Debian

viewvc (1.1.5-1.1+squeeze2) stable-security; urgency=high

  * Non-maintainer upload.
  * CVE-2012-4533: Fix XSS in commit message view. Found and patch provided
    by Nicolás Alvarez (closes: #691062).

viewvc (1.1.5-1.1+squeeze1) stable-security; urgency=high

  * Non-maintainer upload.

  [ gregor herrmann ]
  * [SECURITY] Fix "CVE-2012-3356 / CVE-2012-3357":
    - CVE-2012-3356: * security fix: complete authz support for remote SVN views
    - CVE-2012-3357: * security fix: log msg leak in SVN revision view with
                     unreadable copy source
    Add patches "CVE-2012-3356" and "CVE-2012-3357", taken from upstream svn.
    (Closes: #679069)
  * Fix "viewvc runs extremely slowly (~15s per page)":
    backport upstream commit r2471 as new patch compression-content-length:
    don't set Content-Length when compression is used.
    (Closes: #636805)

  [ Ben Hutchings ]
  * view_query: No longer allow an undocumented URL parameter to
    override the admin-declared SQL row limit, which could result
    in excessive CPU usage and memory consumption (CVE-2009-5024)
    (Closes: #671482)
 -- Marc Deslauriers <email address hidden>   Wed, 21 Nov 2012 09:47:06 -0500