You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa viewvc

Sigurnosni nedostatak programskog paketa viewvc

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2020-05-15 04:09:52.670496

Name : viewvc
Product : Fedora 30
Version : 1.1.28
Release : 1.fc30
Summary : Browser interface for CVS and SVN version control repositories
Description :
ViewVC is a browser interface for CVS and Subversion version control
repositories. It generates templatized HTML to present navigable directory,
revision, and change log listings. It can display specific versions of files
as well as diffs between those versions. Basically, ViewVC provides the bulk
of the report-like functionality you expect out of your version control tool,
but much more prettily than the average textual command-line program output.

Update Information:

Fix for CVE-2020-5283. ViewVC 1.1.28 ChangeLog – security fix: escape subdir
lastmod file name (#211) – fix first request failure (#195)
ViewVC 1.1.27 ChangeLog: – suppress stack traces (with option to show) (#140)
– distinguish text/binary/image files by icons (#166, #175) – colorize
alternating file content lines (#167) – link to the instance root from the
ViewVC logo (#168) – display directory and root counts, too (#169) – fix double
fault error in (#157) – support timezone offsets with minutes
piece (#176)

* Wed May 6 2020 Bojan Smojver <> – 1.1.28-1
– bump up to 1.1.28
– CVE-2020-5283

[ 1 ] Bug #1831804 – CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [fedora-30]
[ 2 ] Bug #1831805 – CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [epel-6]
[ 3 ] Bug #1831806 – CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [epel-7]

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-c952520959’ at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

AutorToni Vugdelija
Cert idNCERT-REF-2020-05-0001-ADV
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje se ažuriranje izdanim...