Date: Sun, 17 Jan 2010 00:27:40 -0500 From: "Philip M. Gollucci" <pgollucci@p6m7g8.com> To: Bruce Cran <bruce@cran.org.uk> Cc: www@freebsd.org Subject: Re: Update of viewvc from 1.1-dev to 1.1.3 to fix security issues? Message-ID: <4B529FCC.3030709@p6m7g8.com> In-Reply-To: <20100113153847.00000a8f@unknown> References: <20100113153847.00000a8f@unknown>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/13/2010 10:38 AM, Bruce Cran wrote: > Hi, > > Having recently setup a ViewVC server myself, I noticed that > http://svn.freebsd.org/viewvc is still reporting that it's using > version 1.1-dev, which I presume is a version from before 1.1.0? > > Version 1.1.3 was released just before Christmas and fixed a couple of > new security issues. I don't know what configuration is being used, but > if you're running a version before 1.1.2 you might want to consider > upgrading since they have an XSS flaw. > > Regards, > Bruce Cran > IIRC, you can disable the 'views' in the viewvc.conf to work around that without upgrading. but he I like upgrading. -- ------------------------------------------------------------------------ 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 VP Apache Infrastructure; Member, Apache Software Foundation Committer, FreeBSD Foundation Sr. System Admin, Ridecharge Inc. Consultant, P6M7G8 Inc. Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B529FCC.3030709>