Mailinglist Archive: opensuse-security (12 mails)

[opensuse-security] Re: [security-announce] SUSE Security Summary Report: SUSE-SR:2010:007 (fwd)
  • From: Markus Gaugusch <markus@xxxxxxxxxxx>
  • Date: Fri, 9 Apr 2010 12:25:49 +0200 (CEST)
  • Message-id: <alpine.LNX.2.00.1004091223490.15926@xxxxxxxxxxxxxxxxxxxx>
Hi,

The latest update of viewvc (viewvc-2240) no longer works with CVS (on openSUSE 11.1).

An Exception Has Occurred
Python Traceback

Traceback (most recent call last):
  File "/srv/viewvc/lib/viewvc.py", line 3765, in main
    request.run_viewvc()
  File "/srv/viewvc/lib/viewvc.py", line 399, in run_viewvc
    self.view_func(self)
  File "/srv/viewvc/lib/viewvc.py", line 1614, in view_directory
    row.log = format_log(file.log, cfg)
  File "/srv/viewvc/lib/viewvc.py", line 1014, in format_log
    s = htmlify(log[:cfg.options.short_log_len], cfg.options.buglink_base)
TypeError: htmlify() takes exactly 1 argument (2 given)


If I change line 1002 in viewvc.py from
    def htmlify(html):
to
    def htmlify(html, buglink):
it works again.

regards,
Markus
PS: I've been notified that this bug is already fixed at SUSE, so this is just a heads-up for the other people here. Apparently it works on 11.2, but I can't verify it at the moment.

On Mar 30, Sebastian Krahmer <krahmer@xxxxxxx> wrote:

1) Solved Security Vulnerabilities:
- viewvc


- viewvc
Query forms didn't escape user provided input, therefore allowing
cross-site-scripting (XSS) attacks.
CVE-2010-0736 has been assigned to this issue.
Affected products: openSUSE 11.0-11.2
