A bug in viewvc could allow remote users to obtain a really large request that could cause the server to use up excessive amounts of CPU and memory while processing the request [1]. This has been corrected upstream [2] in v1.1.11 [3]. This affects current versions of viewvc as provided by Fedora and EPEL. [1] http://viewvc.tigris.org/issues/show_bug.cgi?id=433 [2] http://viewvc.tigris.org/source/browse/viewvc?diff_format=u&view=rev&revision=2551 [3] http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES
Created viewvc tracking bugs for this issue Affects: fedora-all [bug 706275] Affects: epel-all [bug 706276]
All supported versions of Fedora and EPEL currently provide viewvc 1.1.15, so this flaw has been resolved.