From Mageia wiki
Jump to: navigation, search

MGASA-2012-0313

Date: October 29th, 2012
Affected releases: 1, 2


Description:
Updated viewvc package fixes security vulnerability:

"function name" lines returned by diff are not properly escaped,
allowing attackers with commit access to perform cross site scripting
(CVE-2012-4533).


Updated Packages:
Mageia 1:
viewvc-1.1.15-1.1.mga1

Mageia 2:
viewvc-1.1.15-1.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4533
http://www.debian.org/security/2012/dsa-2563
https://bugs.mageia.org/show_bug.cgi?id=7896