Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability. This problem has been fixed in version 1.1.26.
Thanks, Zombie. Assigning to all packagers collectively, since there is no registered maintainer for this package. Btw, I don't see a freeze push request for 1.1.26, so setting version to Cauldron and "MGA5TOO".
CC: (none) => marja11
Version: 5 => Cauldron
Assignee: bugsquad => pkg-bugs
Source RPM: http://www.linuxsecurity.com/content/view/170725/170/ => viewvc
Whiteboard: (none) => MGA5TOO
Done for Cauldron, and for MGA5.

Suggested advisory:
========================
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability. This problem has been fixed in version 1.1.26.
========================

Updated packages in core/updates_testing:
viewvc-1.1.26-1.mga5.srpm
viewvc-1.1.26-1.mga5.noarch.rpm
Status: NEW => ASSIGNED
CC: (none) => lists.jjorge
Assignee: pkg-bugs => qa-bugs
CC: (none) => davidwhodgins
Whiteboard: MGA5TOO => MGA5TOO advisory
Version: Cauldron => 5
Whiteboard: MGA5TOO advisory => advisory
URL: http://www.linuxsecurity.com/content/view/170725/170/ => https://lwn.net/Vulnerabilities/714124/
Just testing by running /usr/share/viewvc/bin/standalone.py and then using a browser to connect to http://localhost/viewvc/
Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0048.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED