Mandriva Linux Security Advisory : viewvc (MDVSA-2013:134)
Medium Nessus Plugin ID 66146
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated viewvc packages fix security vulnerabilities :
complete authz support for remote SVN views (CVE-2012-3356).
log msg leak in SVN revision view with unreadable copy source (CVE-2012-3357).
function name lines returned by diff are not properly escaped, allowing attackers with commit access to perform cross site scripting (CVE-2012-4533).
Several other bugs were fixed as well.
SolutionUpdate the affected viewvc package.