Family: Debian Local Security Checks --> Category: infos
[DSA605] DSA-605-1 viewcvs Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Haris Sehic discovered several vulnerabilities in viewcvs, a utility
for viewing CVS and Subversion repositories via HTTP. When exporting
a repository as a tar archive the hide_cvsroot and forbidden settings
were not honoured enough.
When upgrading the package for woody, please make a copy of your
/etc/viewcvs/viewcvs.conf file if you have manually edited this file.
Upon upgrade the debconf mechanism may alter it in a way so that
viewcvs doesn't understand it anymore.
For the stable distribution (woody) these problems have been fixed in
For the unstable distribution (sid) these problems have been fixed in
We recommend that you upgrade your viewcvs package.
Solution : http://www.debian.org/security/2004/dsa-605
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.