Overview

File _patchinfo of Package patchinfo.6401

<patchinfo incident="6401">
  <issue id="1024393" tracker="bnc">VUL-0: CVE-2017-5938: viewvc: XSS vulnerability: Escape some raw path data before handing off to templates</issue>
  <issue id="2017-5938" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>
This update for viewvc to version 1.1.26 fixes the following issues:

- vievwc 1.1.26, including one security fix:
  * CVE-2017-5938 escape nav_data name to avoid XSS attack (boo#1024393)

- vievwc 1.1.25:
  * fix _rev2optrev assertion on long input
- license is BSD-2-Clause, package LICENSE text

- Update viewvc.conf for Apache 2.4 syntax. 

- viewvc 1.1.24:
  * fix minor bug in human_readable boolean calculation
  * allow hr_funout option to apply to unidiff diffs, too
  * fix infinite loop in rcsparse
  * fix iso8601 timezone offset handling
  * add support for renamed roots
  * fix minor buglet in viewvc-install error message
</description>
  <summary>Security update for viewvc</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places