Debian 10225 Published by

A ViewVC security update has been released for Debian GNU/Linux 9 Extended LTS to address two issues.



ELA-768-1 viewvc security update

Package : viewvc
Version : 1.1.26-1+deb9u1 (stretch)

Related CVEs :
CVE-2023-22456
CVE-2023-22464

It was discovered that there were two issues in viewvc, a web-based interface for browsing Subversion and CVS repositories. The attack vectors involved files with unsafe names; names that, when embedded into an HTML stream, could cause the browser to run unwanted code.

  ELA-768-1 viewvc security update