openSUSE-SU-2017:0501-1

Опубликовано: 18 фев. 2017

Источник: suse-cvrf

Описание

Security update for viewvc

This update for viewvc to version 1.1.26 fixes the following issues:

vievwc 1.1.26, including one security fix:
- CVE-2017-5938 escape nav_data name to avoid XSS attack (boo#1024393)
vievwc 1.1.25:
- fix _rev2optrev assertion on long input
license is BSD-2-Clause, package LICENSE text
Update viewvc.conf for Apache 2.4 syntax.
viewvc 1.1.24:
- fix minor bug in human_readable boolean calculation
- allow hr_funout option to apply to unidiff diffs, too
- fix infinite loop in rcsparse
- fix iso8601 timezone offset handling
- add support for renamed roots
- fix minor buglet in viewvc-install error message

Список пакетов

openSUSE Leap 42.1

viewvc-1.1.26-6.1

openSUSE Leap 42.2

viewvc-1.1.26-6.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-02/msg00082.html
E-Mail link for openSUSE-SU-2017:0501-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

Затронутые продукты

openSUSE Leap 42.1:viewvc-1.1.26-6.1

openSUSE Leap 42.2:viewvc-1.1.26-6.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-5938.html
CVE-2017-5938
https://bugzilla.suse.com/1024393
SUSE Bug 1024393

openSUSE-SU-2017:0501-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-5938

Описание

Затронутые продукты

Ссылки