[viewvc] Patch CVE-2012-4533, bug #868606.
bojan
bojan at fedoraproject.org
Mon Oct 22 01:06:44 UTC 2012
commit d0b5791b9b06e413a2c527eba851d3baa4751f9d
Author: Bojan Smojver <bojan at rexursive.com>
Date: Mon Oct 22 12:06:07 2012 +1100
Patch CVE-2012-4533, bug #868606.
viewvc-1.1.5-CVE-2012-4533-xss.patch | 13 +++++++++++++
viewvc.spec | 7 ++++++-
2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/viewvc-1.1.5-CVE-2012-4533-xss.patch b/viewvc-1.1.5-CVE-2012-4533-xss.patch
new file mode 100644
index 0000000..2419244
--- /dev/null
+++ b/viewvc-1.1.5-CVE-2012-4533-xss.patch
@@ -0,0 +1,13 @@
+Index: viewvc-1.1.5/lib/viewvc.py
+===================================================================
+--- viewvc-1.1.5.orig/lib/viewvc.py 2012-10-20 17:50:09.000000000 -0300
++++ viewvc-1.1.5/lib/viewvc.py 2012-10-20 17:51:24.000000000 -0300
+@@ -2819,7 +2819,7 @@
+ return _item(type='header',
+ line_info_left=match.group(1),
+ line_info_right=match.group(2),
+- line_info_extra=match.group(3))
++ line_info_extra=self._format_text(match.group(3)))
+
+ if line[0] == '\\':
+ # \ No newline at end of file
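Review bot: Only `match.group(3)` is escaped in the patched `_item(type='header', ...)` call, while `line_info_left=match.group(1)` and `line_info_right=match.group(2)` are still passed through as raw match text. That is safe only if the pattern behind `match` restricts those two groups to digits. The regex is defined outside this hunk, so this should be confirmed against the full file. Judging by the patch name, the third group carries text from the diffed content that ends up in HTML output, and a short comment at the call would keep a later refactor from dropping the escaping, for example `# line_info_extra is text from the diff header line; escape it before it is rendered`. The enclosing method begins and ends outside the hunk.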
diff --git a/viewvc.spec b/viewvc.spec
index 5c606fe..544839f 100644
--- a/viewvc.spec
+++ b/viewvc.spec
@@ -2,7 +2,7 @@
Name: viewvc
Version: 1.1.15
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Browser interface for CVS and SVN version control repositories
Group: Development/Tools
@@ -13,6 +13,7 @@ Source1: viewvc-fcgi.conf
Source2: viewvc-wsgi.conf
Source3: README.httpd
Source4: viewvc-lexer-mimetypes.py
+Patch1: viewvc-1.1.5-CVE-2012-4533-xss.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Obsoletes: %{name}-selinux < 1.0.3-13
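Review bot: The `Patch1:` file is named `viewvc-1.1.5-CVE-2012-4533-xss.patch`, and its internal paths use `viewvc-1.1.5/`, but the spec declares `Version: 1.1.15`. The patch still applies because `-p1` strips the first path component, but the name suggests it was written against a different release. Renaming it to `viewvc-1.1.15-CVE-2012-4533-xss.patch` (or a version-neutral `viewvc-CVE-2012-4533-xss.patch`) would make that clear. A comment above the line such as `# Escape diff header text, CVE-2012-4533, rhbz#868606` would tie the patch to its bug.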
@@ -55,6 +56,7 @@ with decent performance when run under Apache.
%prep
%setup -q
+%patch1 -p1 -b .CVE-2012-4533-xss
%build
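Review bot: `%patch1 -p1 -b .CVE-2012-4533-xss` leaves a backup copy of the unpatched file, presumably `lib/viewvc.py.CVE-2012-4533-xss`, in the build tree. If the install step copies `lib/` wholesale, that pre-fix file would ship in the package. `%install` and `%files` are outside this diff, so check the built RPM's file list. If the backup does appear there, dropping the `-b` suffix or deleting the backup at the end of `%prep` avoids it.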
@@ -142,6 +144,9 @@ with decent performance when run under Apache.
%attr(0700,apache,apache) %{_localstatedir}/spool/viewvc
%changelog
+* Mon Oct 22 2012 Bojan Smojver <bojan at rexursive.com> - 1.1.15-3
+- patch CVE-2012-4533, bug #868606
+
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild