|
Family: Debian Local Security Checks --> Category: infos
[DSA605] DSA-605-1 viewcvs Vulnerability Scan
Vulnerability Scan Summary DSA-605-1 viewcvs
Detailed Explanation for this Vulnerability Test
Haris Sehic discovered several vulnerabilities in viewcvs, a utility
for viewing CVS and Subversion repositories via HTTP. When exporting
a repository as a tar archive the hide_cvsroot and forbidden settings
were not honoured enough.
When upgrading the package for woody, please make a copy of your
/etc/viewcvs/viewcvs.conf file if you have manually edited this file.
Upon upgrade the debconf mechanism may alter it in a way so that
viewcvs doesn't understand it anymore.
For the stable distribution (woody) these problems have been fixed in
version 0.9.2-4woody1.
For the unstable distribution (sid) these problems have been fixed in
version 0.9.2+cvs.1.0.dev.2004.07.28-1.2.
We recommend that you upgrade your viewcvs package.
Solution : http://www.debian.org/security/2004/dsa-605
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|