[ubuntu/quantal] viewvc 1.1.5-1.3 (Accepted)

Micah Gersten launchpad at micahscomputing.com
Wed Oct 17 01:30:20 UTC 2012

viewvc (1.1.5-1.3) unstable; urgency=low

  * Non-maintainer upload.

  [ gregor herrmann ]
  * [SECURITY] Fix "CVE-2012-3356 / CVE-2012-3357":
    - CVE-2012-3356: * security fix: complete authz support for remote SVN views
    - CVE-2012-3357: * security fix: log msg leak in SVN revision view with
                     unreadable copy source
    Add patches "CVE-2012-3356" and "CVE-2012-3357", taken from upstream svn.
    (Closes: #679069)

  [ Ben Hutchings ]
  * view_query: No longer allow an undocumented URL parameter to
    override the admin-declared SQL row limit, which could result
    in excessive CPU usage and memory consumption (CVE-2009-5024)
    (Closes: #671482)

Date: 2012-10-15 04:24:10.415208+00:00
Signed-By: Micah Gersten <launchpad at micahscomputing.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Quantal-changes mailing list