Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 25 Jun 2012 13:59:55 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Ludwig Nussel <ludwig.nussel@...e.de>,
        Dirk Müller
 <dmueller@...e.com>
Subject: Re: CVE Request: viewvc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/25/2012 06:03 AM, Ludwig Nussel wrote:
> Hi,
> 
> Changelog of viewvc 1.1.15: 
> http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.15/CHANGES
>
> 
> 
> Version 1.1.15 (released 22-Jun-2012)
> 
> * security fix: complete authz support for remote SVN views (issue
> #353)

Please use CVE-2012-3356 for this issue

> * security fix: log msg leak in SVN revision view with unreadable
> copy source

Please use CVE-2012-3357 for this issue


> The first one seems to be this one: 
> http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758
>
>  The second one: 
> http://viewvc.tigris.org/issues/show_bug.cgi?id=353 
> http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755
>
> 
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756
> http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757
>
> 
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759
> http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760
>
>  cu Ludwig
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP6MM6AAoJEBYNRVNeJnmTw74QANaDGEyGk2EV0CtjDBAdDzJz
JgTbhuVWRQtCqtyUuyFmNte0znTZontJcYE3URRSMR0lIc8EyjKRhpe1ya5wdxhr
OqJWOUHtCDdvCyYtIFQ4FiY6biOFcmMO9g7xcf2F/ZbXYQXLhB/TmHKDAt0p+yaH
LN8E1mPVeldT8kXikarmcjBv8qU5rUue24bOAfrht+9rtLbNCcvKgnLl1r7JoCeu
3DJjPHA+34Bx9CNotjHlVU+6qt3nfo3V8Re9nqUf7drNGV12c+InKItbDVcFHZrf
4+RXOo8oZYrjXDoxWs64NXl8qfQ6d8ee9iOKW1oAyN5kswfxnl70eOm1nEPsW5zN
c635Ds9R4nY+VHAgrbM6kkZl5tIykFQP3KbecAG5+CPW72no+IV3fmeyYOq7Wp1G
ib6weGQF5fhvS1U/zUYgxyoG7Y3DCm+B9OFPphBld3s0eUMLAHX8njGuKIjDNrmA
NZ+r68Mj1ZFxRi1yv2GHMQjI8652Qlv76Xtpn0RqozTBVF7Ium7gwfdpw88+bjPP
ocjJUMR3QrCX8a29JxQMAnhpRx4hNtk7uJHu/YMkNrJ+LCQ7SJSxki+vdmkqvuFW
vZs0N0kXauNtSlgas4pf1M1JK+eqqh9MMIKKL0W6d3JQyujRKwJejIMMU8hm/TeJ
/gHBurbMC80AH0u0B18y
=/CS1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ