-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 14 Oct 2012 20:12:07 +0000
Source: viewvc
Binary: viewvc viewvc-query
Architecture: source all
Version: 1.1.5-1.1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: David Martínez Moreno <ender@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 viewvc - web interface for CVS and/or Subversion repositories
 viewvc-query - utility to query CVS and Subversion commit database
Closes: 636805 671482 679069
Changes:
 viewvc (1.1.5-1.1+squeeze1) stable-security; urgency=high
 .
   * Non-maintainer upload.
 .
   [ gregor herrmann ]
   * [SECURITY] Fix "CVE-2012-3356 / CVE-2012-3357":
     - CVE-2012-3356:
       * security fix: complete authz support for remote SVN views
     - CVE-2012-3357:
       * security fix: log msg leak in SVN revision view with unreadable copy
         source
     Add patches "CVE-2012-3356" and "CVE-2012-3357", taken from upstream svn.
     (Closes: #679069)
   * Fix "viewvc runs extremely slowly (~15s per page)":
     backport upstream commit r2471 as new patch compression-content-length:
     don't set Content-Length when compression is used.
     (Closes: #636805)
 .
   [ Ben Hutchings ]
   * view_query: No longer allow an undocumented URL parameter to override
     the admin-declared SQL row limit, which could result in excessive CPU
     usage and memory consumption (CVE-2009-5024) (Closes: #671482)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----