oss-sec mailing list archives
Re: CVE Request: viewvc
From: Nico Golde <oss-security+ml () ngolde de>
Date: Thu, 14 Jan 2010 13:02:53 +0100
Hi, * Josh Bressers <bressers () redhat com> [2010-01-13 22:14]:
----- "Ludwig Nussel" <ludwig.nussel () suse de> wrote:viewvc 1.1.3 was released with security fixes according to the changelog: http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD More explanations are in this commit: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300As best as I can tell, there are only two things that deserve CVE ids: * security fix: add root listing support of per-root authz config Use CVE-2010-0004
In what sense is this a security fix? This looks just like an enhancement to allow admins to configure this behaviour but I see no security bug itself here. Please enlighten me :) Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE Request: viewvc Ludwig Nussel (Jan 11)
- Re: CVE Request: viewvc Josh Bressers (Jan 13)
- Re: CVE Request: viewvc Nico Golde (Jan 14)
- Re: CVE Request: viewvc Josh Bressers (Jan 13)