Package name
viewvc
Date
2013-04-10
Advisory ID
MDVSA-2013:134
Affected versions
MBS1 x86_64

Problem description

Updated viewvc packages fix security vulnerabilities:

complete authz support for remote SVN views (CVE-2012-3356).

log msg leak in SVN revision view with unreadable copy source
(CVE-2012-3357).

function name lines returned by diff are not properly escaped,
allowing attackers with commit access to perform cross site scripting
(CVE-2012-4533).

Several other bugs were fixed as well.

Updated packages

MBS1 x86_64

 d900d58ae8a5e685e8f27e9128fb729c  mbs1/x86_64/viewvc-1.1.15-1.mbs1.noarch.rpm 
 b698ff35163bcbf10395e045745cfa8d  mbs1/SRPMS/viewvc-1.1.15-1.mbs1.src.rpm

References