Package: viewvc
Version: 1.0.9-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for viewvc.

CVE-2009-3618[0]:
| Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0
| before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject
| arbitrary web script or HTML via the view parameter. NOTE: some of
| these details are obtained from third party information.

CVE-2009-3619[1]:
| Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before
| 1.1.2 has unknown impact and remote attack vectors related to
| "printing illegal parameter names and values."

I have been unable to track a patch down, but these are claimed fixed
in version 1.1.2. Please check whether this version is affected. Etch
and lenny may also be affected as well.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3618
    http://security-tracker.debian.org/tracker/CVE-2009-3618
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3619
    http://security-tracker.debian.org/tracker/CVE-2009-3619