Package: viewvc
Severity: grave
Tags: security patch

Hi

According to upstream:

Version 1.1.2 (released 11-Aug-2009)
* security fix: validate the 'view' parameter to avoid XSS attack
* security fix: avoid printing illegal parameter names and values

http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.2/CHANGES

The two upstream patches appear to be:
http://viewvc.tigris.org/source/browse/viewvc/branches/1.0.x/lib/viewvc.py?r1=2214&r2=2213&pathrev=2214
http://viewvc.tigris.org/source/browse/viewvc/branches/1.0.x/lib/viewvc.py?r1=2219&r2=2218&pathrev=2219

Could you test the patches and prepare updated packages for
unstable/stable?

A CVE id has been requested and we'll forward it to this bugreport
once it's allocated.

Cheers
Steffen
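The two changelog entries quoted in the report, sketched as an added example for readers of this bug; it is not ViewVC's code and not the upstream patches. The view names, the `pathrev` pattern, the error strings and all function names are assumptions made for illustration.

```python
import re
from html import escape

# Assumed allow-list for illustration only; not taken from ViewVC's source.
ALLOWED_VIEWS = frozenset({"annotate", "co", "diff", "dir", "log", "markup", "rev"})

# Hypothetical validators: every accepted parameter name maps to a predicate.
VALIDATORS = {
    "view": lambda v: v in ALLOWED_VIEWS,
    "pathrev": lambda v: re.fullmatch(r"[A-Za-z0-9_.\-]{1,64}", v) is not None,
}

class BadRequest(Exception):
    """Raised with a message that never contains request-supplied text."""

def validate_query(params):
    """Return the parameters if all of them pass, else raise BadRequest."""
    for name, value in params.items():
        check = VALIDATORS.get(name)
        if check is None:
            # Second entry: do not print the illegal parameter name.
            raise BadRequest("An illegal parameter name was provided.")
        if not check(value):
            # First and second entry: reject the value and do not print it.
            # `name` is safe to show because it matched a key of VALIDATORS.
            raise BadRequest('An illegal value was provided for the "%s" parameter.' % name)
    return dict(params)

def handle(params):
    """Return (status, html_body) for a request's query parameters."""
    try:
        clean = validate_query(params)
    except BadRequest as exc:
        # Escape anyway so a later change to the message cannot reintroduce XSS.
        return 400, "<h3>400 Bad Request</h3><p>%s</p>" % escape(str(exc))
    return 200, "<p>view=%s</p>" % escape(clean.get("view", "dir"))

# Constructed sample requests (not from the bug report).
PROBE = '"><script>alert(1)</script>'
SAMPLES = [{"view": "log"}, {"view": PROBE}, {PROBE: "x"}, {"view": "log", "pathrev": "1.0.x"}]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(handle(sample))
```

When testing the packaged patches, the equivalent check is that neither a bad `view` value nor an unknown parameter name appears anywhere in the error page.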