U radu programskog paketa viewvc uočeni su i otklonjeni sigurnosni nedostaci koje su potencijalni napadači mogli iskoristiti za zaobilaženje postavljenih ograničenja i otkrivanje osjetljivih informacija.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-9371
2012-06-14 23:36:14
--------------------------------------------------------------------------------
Name : viewvc
Product : Fedora 16
Version : 1.1.15
Release : 1.fc16
URL : http://www.viewvc.org/
Summary : Browser interface for CVS and SVN version control repositories
Description :
ViewVC is a browser interface for CVS and Subversion version control
repositories. It generates templatized HTML to present navigable directory,
revision, and change log listings. It can display specific versions of files
as well as diffs between those versions. Basically, ViewVC provides the bulk
of the report-like functionality you expect out of your version control tool,
but much more prettily than the average textual command-line program output.
--------------------------------------------------------------------------------
Update Information:
Version 1.1.14 (released 12-Jun-2012)
- fix annotation of svn files with non-URI-safe paths (issue #504)
- handle file:/// Subversion rootpaths as local roots (issue #446)
- fix bug caused by trying to case-normalize anon usernames (issue #505)
- speed up log handling by reusing tokenization results (issue #506)
- add support for custom review log markup rules (issue #429)
Version 1.1.15 (released 22-Jun-2012)
- security fix: complete authz support for remote SVN views (issue #353)
- security fix: log msg leak in SVN revision view with unreadable copy source
- fix several instances of incorrect information in remote SVN views
- increase performance of some revision metadata lookups in remote SVN views
- fix RSS feed regression introduced in 1.1.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 23 2012 Bojan Smojver <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.1.15-1
- bump up to 1.1.15
* Wed Jun 13 2012 Bojan Smojver <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.1.14-1
- bump up to 1.1.14
* Sun Apr 29 2012 Bojan Smojver <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.1.13-2
- drop viewvc-httpd package, which depends on mod_python
- introduce viewvc-httpd-fcgi, obsoletes viewvc-httpd
- introduce viewvc-httpd-wsgi
* Tue Jan 24 2012 Bojan Smojver <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.1.13-1
- bump up to 1.1.13
* Fri Nov 4 2011 Bojan Smojver <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.1.12-1
- bump up to 1.1.12
* Tue Nov 1 2011 Bojan Smojver <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.1.11-3
- require subversion-python
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #835293 - CVE-2012-3356 CVE-2012-3357 viewvc: two security flaws
fixed in 1.1.15
https://bugzilla.redhat.com/show_bug.cgi?id=835293
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update viewvc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-9433
2012-06-14 23:40:00
--------------------------------------------------------------------------------
Name : viewvc
Product : Fedora 17
Version : 1.1.15
Release : 1.fc17
URL : http://www.viewvc.org/
Summary : Browser interface for CVS and SVN version control repositories
Description :
ViewVC is a browser interface for CVS and Subversion version control
repositories. It generates templatized HTML to present navigable directory,
revision, and change log listings. It can display specific versions of files
as well as diffs between those versions. Basically, ViewVC provides the bulk
of the report-like functionality you expect out of your version control tool,
but much more prettily than the average textual command-line program output.
--------------------------------------------------------------------------------
Update Information:
Version 1.1.14 (released 12-Jun-2012)
- fix annotation of svn files with non-URI-safe paths (issue #504)
- handle file:/// Subversion rootpaths as local roots (issue #446)
- fix bug caused by trying to case-normalize anon usernames (issue #505)
- speed up log handling by reusing tokenization results (issue #506)
- add support for custom review log markup rules (issue #429)
Version 1.1.15 (released 22-Jun-2012)
- security fix: complete authz support for remote SVN views (issue #353)
- security fix: log msg leak in SVN revision view with unreadable copy source
- fix several instances of incorrect information in remote SVN views
- increase performance of some revision metadata lookups in remote SVN views
- fix RSS feed regression introduced in 1.1.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 23 2012 Bojan Smojver <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.1.15-1
- bump up to 1.1.15
* Wed Jun 13 2012 Bojan Smojver <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.1.14-1
- bump up to 1.1.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #835293 - CVE-2012-3356 CVE-2012-3357 viewvc: two security flaws
fixed in 1.1.15
https://bugzilla.redhat.com/show_bug.cgi?id=835293
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update viewvc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke