oss-sec mailing list archives
Re: CVE Request: viewvc DoS
From: Josh Bressers <bressers () redhat com>
Date: Thu, 19 May 2011 15:00:05 -0400 (EDT)
----- Original Message -----
Hi, cvsdb.py in viewvc before 1.1.11 did not honor an admin defined row limit: http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES http://viewvc.tigris.org/issues/show_bug.cgi?id=433 http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log
This one needs a 2009 ID: CVE-2009-5024 My understanding is that the fix prevents a user from getting viewvc from displaying a really big request that easy CPU and RAM. Thanks. -- JB
Current thread:
- CVE Request: viewvc DoS Ludwig Nussel (May 19)
- Re: CVE Request: viewvc DoS Josh Bressers (May 19)