[SECURITY] Fedora 7 Update: viewvc-1.0.5-1.fc7

updates at fedoraproject.org updates at fedoraproject.org
Sat Mar 1 09:26:49 UTC 2008 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-2143
2008-03-01 07:07:34
--------------------------------------------------------------------------------

Name        : viewvc
Product     : Fedora 7
Version     : 1.0.5
Release     : 1.fc7
URL         : http://www.viewvc.org/
Summary     : Browser interface for CVS and SVN version control repositories
Description :
ViewVC is a browser interface for CVS and Subversion version control
repositories. It generates templatized HTML to present navigable directory,
revision, and change log listings. It can display specific versions of files
as well as diffs between those versions. Basically, ViewVC provides the bulk
of the report-like functionality you expect out of your version control tool,
but much more prettily than the average textual command-line program output.

--------------------------------------------------------------------------------
Update Information:

These security issues have been fixed:    - omit commits of all-forbidden files
from query results  - disallow direct URL navigation to hidden CVSROOT folder  -
strip forbidden paths from revision view  - don't traverse log history thru
forbidden locations  - honor forbiddenness via diff view path parameters
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 29 2008 Bojan Smojver <bojan at rexursive.com> - 1.0.5-1
- Bump up to 1.0.5
* Sun Jun  3 2007 Bojan Smojver <bojan at rexursive.com> - 1.0.4-2
- Avoid import cycle errors (temporary fix)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #435349 - New upstream version - 1.0.5 - Has Security Fixes
        https://bugzilla.redhat.com/show_bug.cgi?id=435349
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update viewvc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list