Mailinglist Archive: opensuse-updates (56 mails)

openSUSE-SU-2012:0831-1: moderate: update for viewvc
openSUSE Security Update: update for viewvc
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0831-1
Rating: moderate
References: #768680
Cross-References: CVE-2012-3356 CVE-2012-3357
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:


- update to 1.1.15 (bnc#768680):
  * security fix: complete authz support for remote SVN views (CVE-2012-3356)
  * security fix: log msg leak in SVN revision view with unreadable copy source (CVE-2012-3357)

  Additionally the following non-security issues have been addressed:

  * fix several instances of incorrect information in remote SVN views
  * increase performance of some revision metadata lookups in remote SVN views
  * fix RSS feed regression introduced in 1.1.14
  * fix annotation of svn files with non-URI-safe paths
  * handle file:/// Subversion rootpaths as local roots
  * fix bug caused by trying to case-normalize anon usernames
  * speed up log handling by reusing tokenization results
  * add support for custom review log markup rules
  * fix svndbadmin failure on deleted paths under Subversion 1.7
  * fix annotation of files in svn roots with non-URI-safe paths
  * fix stray annotation warning in markup display of images
  * more gracefully handle attempts to display binary content
  * fix path display in patch and certain diff views
  * fix broken cvsdb glob searching
  * allow svn revision specifiers to have leading r's
  * allow environmental override of configuration location
  * fix exception HTML-escaping non-string data under WSGI
  * add links to root logs from roots view
  * use Pygments lexer-guessing functionality

- add supplements for apache2/subversion-server


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-363

- openSUSE 11.4:

zypper in -t patch openSUSE-2012-363

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.1 (noarch):

viewvc-1.1.15-4.4.1

- openSUSE 11.4 (noarch):

viewvc-1.1.15-6.1


References:

http://support.novell.com/security/cve/CVE-2012-3356.html
http://support.novell.com/security/cve/CVE-2012-3357.html
https://bugzilla.novell.com/768680

