pkgsrc-WIP-discuss archive


Re: ViewCVS vulnerability

At Wed, 03 Aug 2005 09:30:22 +0100,
Adrian Portelli <> wrote:
> I dropped a digit off the end of that URL which is probably why you're
> getting sendmail instead of ViewCVS :).  I've updated the TODO with the
> correct URLs now.  Some of these may be duplicates but these are the
> issues I have so far that would need to be looked into before we can
> import it:

Thanks for the clarification. According to the CHANGES file, ViewCVS 0.9.3
has three security fixes. Does this solve any of the TODO entries?

Version 0.9.3 (released 17-May-2005)

  * security fix: disallow bad "content-type" input [CAN-2004-1062]
  * security fix: disallow bad "sortby" and "cvsroot" input [CAN-2002-0771]
  * security fix: omit forbidden/hidden modules from tarballs [CAN-2002-0771]

// HIRAMATSU Yoshifumi
