Package: viewcvs
Version: 0.9.4+svn20060318-1
Severity: grave
Tags: security
Justification: user security hole

Version 1.0.3 (released 13-Oct-2006)
  * security fix: declare charset for views to avoid IE UTF7 XSS attack

Version 0.9.4 (released 17-Aug-2005)
  * security fix: omit forbidden/hidden modules from query results.

Version 0.9.3 (released 17-May-2005)
  * security fix: disallow bad "sortby" and "cvsroot" input [CAN-2002-0771]

These next two I think are solved:
  * security fix: disallow bad "content-type" input [CAN-2004-1062]
  * security fix: omit forbidden/hidden modules from tarballs [CAN-2004-0915]

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)

Versions of packages viewcvs depends on:
ii  viewvc  0.9.4+svn20060318-1  view CVS/SVN repositories via HTTP

viewcvs recommends no packages.

-- no debconf information