Mailinglist Archive: opensuse-updates (56 mails)

< Previous Next >
openSUSE-SU-2012:0831-1: moderate: update for viewvc
openSUSE Security Update: update for viewvc

Announcement ID: openSUSE-SU-2012:0831-1
Rating: moderate
References: #768680
Cross-References: CVE-2012-3356 CVE-2012-3357
Affected Products:
openSUSE 12.1
openSUSE 11.4

An update that fixes two vulnerabilities is now available.


- update to 1.1.15 (bnc#768680):
* security fix: complete authz support for remote SVN
views (CVE-2012-3356)
* security fix: log msg leak in SVN revision view with
unreadable copy source (CVE-2012-3357)

Additionally the following non-security issues have been

* fix several instances of incorrect information in
remote SVN views
* increase performance of some revision metadata lookups
in remote SVN views
* fix RSS feed regression introduced in 1.1.14
* fix annotation of svn files with non-URI-safe paths
* handle file:/// Subversion rootpaths as local roots
* fix bug caused by trying to case-normalize anon
* speed up log handling by reusing tokenization results
* add support for custom review log markup rules
* fix svndbadmin failure on deleted paths under
Subversion 1.7
* fix annotation of files in svn roots with non-URI-safe
* fix stray annotation warning in markup display of images
* more gracefully handle attempts to display binary
* fix path display in patch and certain diff views
* fix broken cvsdb glob searching
* allow svn revision specifiers to have leading r's
* allow environmental override of configuration location
* fix exception HTML-escaping non-string data under WSGI
* add links to root logs from roots view
* use Pygments lexer-guessing functionality

- add supplements for apache2/subversion-server

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-363

- openSUSE 11.4:

zypper in -t patch openSUSE-2012-363

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.1 (noarch):


- openSUSE 11.4 (noarch):



< Previous Next >
This Thread
  • No further messages