SuSE 10 Security Update : Subversion (ZYPP Patch Number 5362)

This update of subversion fixes multiple vulnerabilities. - list CVS or SVN commits on 'all-forbidden' files. CVE-2008-1290 - directly access hidden CVSROOT folders. CVE-2008-1291 - expose restricted content via the revision view, the log history, or the diff view. CVE-2008-1292 %NASLMINLEVEL 703...

CVE-2008-1292

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading 1 forbidden pathnames in the revision view, 2 log history that can only be reached by traversing a forbidden object, or 3...

GLSA-200803-29 : ViewVC: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200803-29 ViewVC: Multiple vulnerabilities Multiple unspecified errors were reportedly fixed by the ViewVC development team. Impact : A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on...

Fedora 7 : viewvc-1.0.5-1.fc7 (2008-2143)

These security issues have been fixed: - omit commits of all-forbidden files from query results - disallow direct URL navigation to hidden CVSROOT folder - strip forbidden paths from revision view - don't traverse log history thru forbidden locations - honor forbiddenness via diff view path...