openSUSE Security Update : viewvc (openSUSE-SU-2012:0831-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

- update to 1.1.15 (bnc#768680) :

- security fix: complete authz support for remote SVN
views (CVE-2012-3356)

- security fix: log msg leak in SVN revision view with
unreadable copy source (CVE-2012-3357)

Additionally the following non-security issues have been addressed :

- fix several instances of incorrect information in remote
SVN views

- increase performance of some revision metadata lookups
in remote SVN views

- fix RSS feed regression introduced in 1.1.14

- fix annotation of svn files with non-URI-safe paths

- handle file:/// Subversion rootpaths as local roots

- fix bug caused by trying to case-normalize anon

- speed up log handling by reusing tokenization results

- add support for custom review log markup rules

- fix svndbadmin failure on deleted paths under Subversion

- fix annotation of files in svn roots with non-URI-safe

- fix stray annotation warning in markup display of images

- more gracefully handle attempts to display binary

- fix path display in patch and certain diff views

- fix broken cvsdb glob searching

- allow svn revision specifiers to have leading r's

- allow environmental override of configuration location

- fix exception HTML-escaping non-string data under WSGI

- add links to root logs from roots view

- use Pygments lexer-guessing functionality

- add supplements for apache2/subversion-server

See also :

Solution :

Update the affected viewvc package.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 74665 ()

Bugtraq ID:

CVE ID: CVE-2012-3356

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now