Haris Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive the hide_cvsroot and forbidden settings were not honoured enough. When upgrading the package for woody, please make a copy of your /etc/viewcvs/viewcvs.conf file if you have manually edited this file. Upon upgrade the debconf mechanism may alter it in a way so that viewcvs doesn't understand it anymore. For the stable distribution (woody) these problems have been fixed in version 0.9.2-4woody1. For the unstable distribution (sid) these problems have been fixed in version 0.9.2+cvs.1.0.dev.2004.07.28-1.2. We recommend that you upgrade your viewcvs package.
Haris Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive the hide_cvsroot and forbidden settings were not honoured enough.
When upgrading the package for woody, please make a copy of your /etc/viewcvs/viewcvs.conf file if you have manually edited this file. Upon upgrade the debconf mechanism may alter it in a way so that viewcvs doesn't understand it anymore.
For the stable distribution (woody) these problems have been fixed in version 0.9.2-4woody1.
For the unstable distribution (sid) these problems have been fixed in version 0.9.2+cvs.1.0.dev.2004.07.28-1.2.
We recommend that you upgrade your viewcvs package.
MD5 checksums of the listed files are available in the original advisory.
Vulmon