[viewvc] Patch CVE-2012-4533, bug #868606.

bojan bojan at fedoraproject.org
Mon Oct 22 01:06:44 UTC 2012


commit d0b5791b9b06e413a2c527eba851d3baa4751f9d
Author: Bojan Smojver <bojan at rexursive.com>
Date:   Mon Oct 22 12:06:07 2012 +1100

    Patch CVE-2012-4533, bug #868606.

 viewvc-1.1.5-CVE-2012-4533-xss.patch |   13 +++++++++++++
 viewvc.spec                          |    7 ++++++-
 2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/viewvc-1.1.5-CVE-2012-4533-xss.patch b/viewvc-1.1.5-CVE-2012-4533-xss.patch
new file mode 100644
index 0000000..2419244
--- /dev/null
+++ b/viewvc-1.1.5-CVE-2012-4533-xss.patch
@@ -0,0 +1,13 @@
+Index: viewvc-1.1.5/lib/viewvc.py
+===================================================================
+--- viewvc-1.1.5.orig/lib/viewvc.py	2012-10-20 17:50:09.000000000 -0300
++++ viewvc-1.1.5/lib/viewvc.py	2012-10-20 17:51:24.000000000 -0300
+@@ -2819,7 +2819,7 @@
+       return _item(type='header',
+                    line_info_left=match.group(1),
+                    line_info_right=match.group(2),
+-                   line_info_extra=match.group(3))
++                   line_info_extra=self._format_text(match.group(3)))
+     
+     if line[0] == '\\':
+       # \ No newline at end of file
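Review bot: Only `match.group(3)` is passed through `self._format_text()` in the header `_item(...)`; `line_info_left` and `line_info_right` still receive `match.group(1)` and `match.group(2)` unescaped. That is safe only if the pattern behind `match` restricts those two groups to digits, and the regex and the enclosing function lie outside this hunk, so it should be confirmed. The trailing text of a diff hunk header is normally taken from the content of the files being compared, so I would record the reason next to the call, e.g. `# group(3) is text from the diffed file's content; escape it before it reaches the template (CVE-2012-4533)`. Separately, the patch name and its paths say viewvc-1.1.5 while the spec packages Version 1.1.15; `-p1` strips that path component, so it presumably still applies, but renaming the patch would avoid confusion about which release it was cut against.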
diff --git a/viewvc.spec b/viewvc.spec
index 5c606fe..544839f 100644
--- a/viewvc.spec
+++ b/viewvc.spec
@@ -2,7 +2,7 @@
 
 Name:           viewvc
 Version:        1.1.15
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Browser interface for CVS and SVN version control repositories
 
 Group:          Development/Tools
@@ -13,6 +13,7 @@ Source1:        viewvc-fcgi.conf
 Source2:        viewvc-wsgi.conf
 Source3:        README.httpd
 Source4:        viewvc-lexer-mimetypes.py
+Patch1:         viewvc-1.1.5-CVE-2012-4533-xss.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Obsoletes:      %{name}-selinux < 1.0.3-13
@@ -55,6 +56,7 @@ with decent performance when run under Apache.
 
 %prep
 %setup -q
+%patch1 -p1 -b .CVE-2012-4533-xss
 
 %build
 
@@ -142,6 +144,9 @@ with decent performance when run under Apache.
 %attr(0700,apache,apache) %{_localstatedir}/spool/viewvc
 
 %changelog
+* Mon Oct 22 2012 Bojan Smojver <bojan at rexursive.com> - 1.1.15-3
+- patch CVE-2012-4533, bug #868606
+
 * Sun Jul 22 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.15-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 

