oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: viewvc DoS

From: Josh Bressers <bressers () redhat com>
Date: Thu, 19 May 2011 15:00:05 -0400 (EDT)


----- Original Message -----

Hi,

cvsdb.py in viewvc before 1.1.11 did not honor an admin defined row
limit:
http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES
http://viewvc.tigris.org/issues/show_bug.cgi?id=433
http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log



This one needs a 2009 ID:

CVE-2009-5024

My understanding is that the fix prevents a user from getting viewvc from
displaying a really big request that easy CPU and RAM.

Thanks.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: