[ubuntu/quantal] viewvc 1.1.5-1.3 (Accepted)
Micah Gersten
launchpad at micahscomputing.com
Wed Oct 17 01:30:20 UTC 2012
viewvc (1.1.5-1.3) unstable; urgency=low
* Non-maintainer upload.
[ gregor herrmann ]
* [SECURITY] Fix "CVE-2012-3356 / CVE-2012-3357":
- CVE-2012-3356: * security fix: complete authz support for remote SVN views
- CVE-2012-3357: * security fix: log msg leak in SVN revision view with
unreadable copy source
Add patches "CVE-2012-3356" and "CVE-2012-3357", taken from upstream svn.
(Closes: #679069)
[ Ben Hutchings ]
* view_query: No longer allow an undocumented URL parameter to
override the admin-declared SQL row limit, which could result
in excessive CPU usage and memory consumption (CVE-2009-5024)
(Closes: #671482)
Date: 2012-10-15 04:24:10.415208+00:00
Signed-By: Micah Gersten <launchpad at micahscomputing.com>
https://launchpad.net/ubuntu/quantal/+source/viewvc/1.1.5-1.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Quantal-changes
mailing list