[viewvc/el5] Patch CVE-2012-4533, bug #868606.

bojan bojan at fedoraproject.org
Mon Oct 22 01:16:44 UTC 2012


commit de6b2ba5ba69dac23eeaf6ee29ccc5beaadd9b6d
Author: Bojan Smojver <bojan at rexursive.com>
Date:   Mon Oct 22 12:06:07 2012 +1100

    Patch CVE-2012-4533, bug #868606.
    
    Conflicts:
    	viewvc.spec

 viewvc-1.1.5-CVE-2012-4533-xss.patch |   13 +++++++++++++
 viewvc.spec                          |    7 ++++++-
 2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/viewvc-1.1.5-CVE-2012-4533-xss.patch b/viewvc-1.1.5-CVE-2012-4533-xss.patch
new file mode 100644
index 0000000..2419244
--- /dev/null
+++ b/viewvc-1.1.5-CVE-2012-4533-xss.patch
@@ -0,0 +1,13 @@
+Index: viewvc-1.1.5/lib/viewvc.py
+===================================================================
+--- viewvc-1.1.5.orig/lib/viewvc.py	2012-10-20 17:50:09.000000000 -0300
++++ viewvc-1.1.5/lib/viewvc.py	2012-10-20 17:51:24.000000000 -0300
+@@ -2819,7 +2819,7 @@
+       return _item(type='header',
+                    line_info_left=match.group(1),
+                    line_info_right=match.group(2),
+-                   line_info_extra=match.group(3))
++                   line_info_extra=self._format_text(match.group(3)))
+     
+     if line[0] == '\\':
+       # \ No newline at end of file
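Review bot: Only the third capture is changed in this `_item(...)` call: `line_info_extra` now goes through `self._format_text`, which presumably HTML-escapes it, while `line_info_left=match.group(1)` and `line_info_right=match.group(2)` are still passed raw. That is safe only if the pattern behind `match` restricts those two groups to digits; the regex and the start of the enclosing method are outside this hunk, so this should be confirmed rather than assumed. A short comment above the call would record why the third group is treated differently, e.g. `# group(3) is free text from the hunk header and reaches the HTML output, so it must be escaped`. A regression test that renders a hunk header containing markup characters and checks the output is escaped would keep the fix from being lost in a later rebase.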
diff --git a/viewvc.spec b/viewvc.spec
index f3e031e..71e1ac1 100644
--- a/viewvc.spec
+++ b/viewvc.spec
@@ -2,7 +2,7 @@
 
 Name:           viewvc
 Version:        1.1.15
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Browser interface for CVS and SVN version control repositories
 
 Group:          Development/Tools
@@ -12,6 +12,7 @@ Source0:        http://www.viewvc.org/%{name}-%{version}.tar.gz
 Source1:        viewvc.conf
 Source2:        README.httpd
 Source3:        viewvc-lexer-mimetypes.py
+Patch1:         viewvc-1.1.5-CVE-2012-4533-xss.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Obsoletes:      %{name}-selinux < 1.0.3-11
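Review bot: The patch file name says `viewvc-1.1.5` while this spec builds `Version: 1.1.15`, so `Patch1` reads as if it targeted a different release. The `Index:` paths inside the patch carry the same `viewvc-1.1.5/` prefix; `%patch1 -p1` strips that leading component, so the build is presumably unaffected, but the name will mislead anyone auditing which releases carry the CVE-2012-4533 fix. Consider naming it after the packaged version, `Patch1: viewvc-1.1.15-CVE-2012-4533-xss.patch`, or dropping the version with `Patch1: %{name}-CVE-2012-4533-xss.patch`.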
@@ -44,6 +45,7 @@ with decent performance when run under Apache.
 
 %prep
 %setup -q
+%patch1 -p1 -b .CVE-2012-4533-xss
 
 %build
 
@@ -119,6 +121,9 @@ with decent performance when run under Apache.
 %attr(0700,apache,apache) %{_localstatedir}/spool/viewvc
 
 %changelog
+* Mon Oct 22 2012 Bojan Smojver <bojan at rexursive.com> - 1.1.15-3
+- patch CVE-2012-4533, bug #868606
+
 * Sun Jul 22 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.15-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 

