Package: viewvc
Severity: normal
Tags: patch, security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for viewvc.

CVE-2008-4325[0]:
| lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the
| HTTP request for the Content-Type header in the HTTP response, which
| allows remote attackers to cause content to be misinterpreted by the
| browser via a content-type parameter that is inconsistent with the
| requested object. NOTE: this issue might not be a vulnerability, since
| it requires attacker access to the repository that is being viewed.

The upstream bug report[1] contains an explanation and also a patch[2].

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

I don't think it is really exploitable or a serious issue, but nonetheless, I thought you'd like to know.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4325
    http://security-tracker.debian.net/tracker/CVE-2008-4325
[1] http://viewvc.tigris.org/issues/show_bug.cgi?id=354
[2] http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?rev=2011&r1=1968&r2=1978
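
The pattern named in the CVE text, next to a hardened form, as an added example that is not ViewVC's code and not the upstream patch. The function names, the SAFE_OVERRIDES allowlist and the sample request are assumptions made for illustration.

```python
import mimetypes

# Assumption: types a viewer may let a client select, because browsers
# render them inertly (no script execution).
SAFE_OVERRIDES = {"text/plain", "application/octet-stream"}


def server_type(path):
    """Content type derived from the stored object, never from the request."""
    guessed, _ = mimetypes.guess_type(path)
    return guessed or "application/octet-stream"


def content_type_reflected(path, query):
    """Pattern from the CVE text: the request parameter wins outright."""
    return query.get("content-type") or server_type(path)


def content_type_hardened(path, query):
    """Honour the parameter only when it names an inert allowlisted type."""
    requested = (query.get("content-type") or "").strip().lower()
    if requested in SAFE_OVERRIDES:
        return requested
    return server_type(path)


def response_headers(path, query):
    """Headers for the hardened view; nosniff stops browsers second-guessing."""
    return {
        "Content-Type": content_type_hardened(path, query),
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed request: a text file asked for with a mismatched type.
    q = {"content-type": "text/html"}
    print(content_type_reflected("notes.txt", q))
    print(response_headers("notes.txt", q))
```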