ViewVC 1.1.15 was released [1] with the following fixes:

* security fix: complete authz support for remote SVN views (issue #353)
* security fix: log msg leak in SVN revision view with unreadable copy source

The SUSE bug report [2] notes some possible source fixes for these issues:

The first one:

http://viewvc.tigris.org/issues/show_bug.cgi?id=353
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760

The second flaw:

http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758

[1] http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.15/CHANGES
[2] https://bugzilla.novell.com/show_bug.cgi?id=768680
As per: http://www.openwall.com/lists/oss-security/2012/06/25/8

> * security fix: complete authz support for remote SVN views (issue #353)

Please use CVE-2012-3356 for this issue

> * security fix: log msg leak in SVN revision view with unreadable copy source

Please use CVE-2012-3357 for this issue
Created viewvc tracking bugs for this issue

Affects: epel-all [bug 835295]
Affects: fedora-all [bug 835296]
viewvc-1.1.15-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
viewvc-1.1.15-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
viewvc-1.1.15-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
viewvc-1.1.15-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.