Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:7291
HistoryDec 06, 2004 - 12:00 a.m.

[Full-Disclosure] [SECURITY] [DSA 605-1] New viewcvs packages fix information leak

2004-12-0600:00:00
vulners.com
15
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA 605-1 [email protected]
http://www.debian.org/security/ Martin Schulze
December 6th, 2004 http://www.debian.org/security/faq

Package : viewcvs
Vulnerability : settings not honored
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0915

Hajvan Sehic discovered several vulnerabilities in viewcvs, a utility
for viewing CVS and Subversion repositories via HTTP. When exporting
a repository as a tar archive the hide_cvsroot and forbidden settings
were not honoured enough.

When upgrading the package for woody, please make a copy of your
/etc/viewcvs/viewcvs.conf file if you have manually edited this file.
Upon upgrade the debconf mechanism may alter it in a way so that
viewcvs doesn't understand it anymore.

For the stable distribution (woody) these problems have been fixed in
version 0.9.2-4woody1.

For the unstable distribution (sid) these problems have been fixed in
version 0.9.2+cvs.1.0.dev.2004.07.28-1.2.

We recommend that you upgrade your viewcvs package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/v/viewcvs/viewcvs_0.9.2-4woody1.dsc
  Size/MD5 checksum:      628 4d0b925c801e55393ddb9d32e04699bd
http://security.debian.org/pool/updates/main/v/viewcvs/viewcvs_0.9.2-4woody1.diff.gz
  Size/MD5 checksum:    33345 34be8bcc7e47f26b8e85ff48a38be023
http://security.debian.org/pool/updates/main/v/viewcvs/viewcvs_0.9.2.orig.tar.gz
  Size/MD5 checksum:   140063 c7857b1ed05240ad1f691ea40044daf2

Architecture independent components:

http://security.debian.org/pool/updates/main/v/viewcvs/viewcvs_0.9.2-4woody1_all.deb
  Size/MD5 checksum:   216628 a83bff813d3146d126dd5d6059c5ef0e

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBtDHoW5ql+IAeqTIRArpRAKCGoJ0iUv+en+DheiwXJK7YVZc9xwCggtNr
IpIWEZQmLnBt/Oxzvimxj0k=
=KcyN
-----END PGP SIGNATURE-----

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Related

nessus 3
openvas 6
freebsd 1
osv 1
cve 1
debian 2
ubuntucve 1
gentoo 1
nessus
nessus
Debian DSA-605-1 : viewcvs - settings not honored
2004-12-06 00:00:00
FreeBSD : viewcvs -- information leakage (323784cf-48a6-11d9-a9e7-0001020eed82)
2005-07-13 00:00:00
GLSA-200412-26 : ViewCVS: Information leak and XSS vulnerabilities
2004-12-28 00:00:00
openvas
openvas
FreeBSD Ports: viewcvs
2008-09-04 00:00:00
Debian Security Advisory DSA 605-1 (viewcvs)
2008-01-17 00:00:00
FreeBSD Ports: viewcvs
2008-09-04 00:00:00
freebsd
freebsd
viewcvs -- information leakage
2004-11-25 00:00:00
osv
osv
viewcvs - settings not honored
2004-12-06 00:00:00
cve
cve
CVE-2004-0915
2005-01-10 05:00:00
debian
debian
[SECURITY] [DSA 605-1] New viewcvs packages fix information leak
2004-12-06 10:18:18
[SECURITY] [DSA 605-1] New viewcvs packages fix information leak
2004-12-06 10:18:18
ubuntucve
ubuntucve
CVE-2004-0915
2005-01-10 00:00:00
gentoo
gentoo
ViewCVS: Information leak and XSS vulnerabilities
2004-12-28 00:00:00
JSON
Related for SECURITYVULNS:DOC:7291
nessus3openvas6freebsd1osv1cve1debian2ubuntucve1gentoo1