Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 16 Update: viewvc-1.1.17-1.fc16
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Tuesday 6th November 2012 07:51:10 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-16673
2012-10-23 01:30:12
--------------------------------------------------------------------------------

Name        : viewvc
Product     : Fedora 16
Version     : 1.1.17
Release     : 1.fc16
URL         : http://www.viewvc.org/
Summary     : Browser interface for CVS and SVN version control
repositories
Description :
ViewVC is a browser interface for CVS and Subversion version control
repositories. It generates templatized HTML to present navigable directory,
revision, and change log listings. It can display specific versions of
files
as well as diffs between those versions. Basically, ViewVC provides the
bulk
of the report-like functionality you expect out of your version control
tool,
but much more prettily than the average textual command-line program
output.

--------------------------------------------------------------------------------
Update Information:

Patch CVE-2012-4533.

Version 1.1.16

- security fix: escape "extra" diff info to avoid XSS attack (issue #515)
- add 'binary_mime_types' configuration option and handling (issue #510)
- fix 'select for diffs' persistence across log pages (issue #512)
- remove lock status and filesize check on directories in remote SVN views
- fix bogus 'Annotation of' page title for non-annotated view (issue #514)

Version 1.1.17 (released 25-Oct-2012)

- fix exception caused by uninitialized variable usage (issue #516)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 26 2012 Bojan Smojver  - 1.1.17-1
- bump up to 1.1.17
* Thu Oct 25 2012 Bojan Smojver  - 1.1.16-1
- bump up to 1.1.16
- drop patch for CVE-2012-4533, part of the release
* Mon Oct 22 2012 Bojan Smojver  - 1.1.15-3
- patch CVE-2012-4533, bug #868606
* Sun Jul 22 2012 Fedora Release Engineering
 - 1.1.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jun 23 2012 Bojan Smojver  - 1.1.15-1
- bump up to 1.1.15
* Wed Jun 13 2012 Bojan Smojver  - 1.1.14-1
- bump up to 1.1.14
* Sun Apr 29 2012 Bojan Smojver  - 1.1.13-2
- drop viewvc-httpd package, which depends on mod_python
- introduce viewvc-httpd-fcgi, obsoletes viewvc-httpd
- introduce viewvc-httpd-wsgi
* Tue Jan 24 2012 Bojan Smojver  - 1.1.13-1
- bump up to 1.1.13
* Fri Nov  4 2011 Bojan Smojver  - 1.1.12-1
- bump up to 1.1.12
* Tue Nov  1 2011 Bojan Smojver  - 1.1.11-3
- require subversion-python
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #868606 - CVE-2012-4533 viewvc: lib/viewvc.py XSS
        https://bugzilla.redhat.com/show_bug.cgi?id=868606
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update viewvc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 4ms