Lucene search
GoogleOSV:DSA-605-1HistoryDec 06, 2004 - 12:00 a.m.
viewcvs - settings not honored
2004-12-0600:00:00
Google
osv.dev
15
EPSS
0.003
Percentile
66.2%
Haris Sehic discovered several vulnerabilities in viewcvs, a utility
for viewing CVS and Subversion repositories via HTTP. When exporting
a repository as a tar archive the hide_cvsroot and forbidden settings
were not honoured enough.
When upgrading the package for woody, please make a copy of your
/etc/viewcvs/viewcvs.conf file if you have manually edited this file.
Upon upgrade the debconf mechanism may alter it in a way so that
viewcvs doesn’t understand it anymore.
For the stable distribution (woody) these problems have been fixed in
version 0.9.2-4woody1.
For the unstable distribution (sid) these problems have been fixed in
version 0.9.2+cvs.1.0.dev.2004.07.28-1.2.
We recommend that you upgrade your viewcvs package.
References
Related
securityvulns
securityvulns
openvas
openvas
Debian Security Advisory DSA 605-1 (viewcvs)
2008-01-17 00:00:00
FreeBSD Ports: viewcvs
2008-09-04 00:00:00
FreeBSD Ports: viewcvs
2008-09-04 00:00:00
nessus
nessus
Debian DSA-605-1 : viewcvs - settings not honored
2004-12-06 00:00:00
GLSA-200412-26 : ViewCVS: Information leak and XSS vulnerabilities
2004-12-28 00:00:00
freebsd
freebsd
viewcvs -- information leakage
2004-11-25 00:00:00
cvelist
cvelist
CVE-2004-0915
2004-12-10 05:00:00
cve
cve
CVE-2004-0915
2005-01-10 05:00:00
nvd
nvd
CVE-2004-0915
2005-01-10 05:00:00
debian
debian
[SECURITY] [DSA 605-1] New viewcvs packages fix information leak
2004-12-06 10:18:18
[SECURITY] [DSA 605-1] New viewcvs packages fix information leak
2004-12-06 10:18:18
ubuntucve
ubuntucve
CVE-2004-0915
2005-01-10 00:00:00
gentoo
gentoo
ViewCVS: Information leak and XSS vulnerabilities
2004-12-28 00:00:00