[opensuse-security] Re: [security-announce] SUSE Security Summary Report: SUSE-SR:2010:007 (fwd)
Hi,
The latest update of viewvc (viewvc-2240) no longer works with CVS
(on OpenSUSE 11.1).
An Exception Has Occurred
Python Traceback
Traceback (most recent call last):
  File "/srv/viewvc/lib/viewvc.py", line 3765, in main
    request.run_viewvc()
  File "/srv/viewvc/lib/viewvc.py", line 399, in run_viewvc
    self.view_func(self)
  File "/srv/viewvc/lib/viewvc.py", line 1614, in view_directory
    row.log = format_log(file.log, cfg)
  File "/srv/viewvc/lib/viewvc.py", line 1014, in format_log
    s = htmlify(log[:cfg.options.short_log_len], cfg.options.buglink_base)
TypeError: htmlify() takes exactly 1 argument (2 given)
If I change line 1002 in viewvc.py from
    def htmlify(html):
to
    def htmlify(html, buglink):
it works again.
regards,
Markus
PS: I've been notified that this bug is already fixed at SUSE, so this is
just a heads-up for the other people here. Apparently it works on 11.2,
but I can't verify it at the moment.
On Mar 30, Sebastian Krahmer <krahmer@xxxxxxx> wrote:
1) Solved Security Vulnerabilities:
- viewvc
- viewvc
Query forms didn't escape user provided input, therefore allowing
cross-site-scripting (XSS) attacks.
CVE-2010-0736 has been assigned to this issue.
Affected products: openSUSE 11.0-11.2
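
An added example, not part of the original message and not viewvc's code or the SUSE patch: a Python 3 `htmlify` that escapes log text before it reaches the page and takes the bug-link base as an optional argument, so both the one-argument and the two-argument call sites from the traceback work. The bug-reference pattern, the `format_log` signature and the example URL are assumptions made for illustration.

```python
import html
import re

# Hypothetical pattern for bug references such as "bnc#123456" (an assumption,
# not taken from viewvc or the SUSE patch).
BUG_REF = re.compile(r"\b(bnc|bug)\s*#(\d+)\b", re.IGNORECASE)


def htmlify(text, buglink_base=None):
    """Return text escaped for HTML; link bug references if a base URL is set.

    buglink_base defaults to None, so callers written for the old
    one-argument signature keep working after the parameter is added.
    """
    if not buglink_base:
        return html.escape(text, quote=True)

    out, pos = [], 0
    # Match on the raw text and escape every piece separately, so markup is
    # only ever produced by this function and never by the log message.
    for m in BUG_REF.finditer(text):
        out.append(html.escape(text[pos:m.start()], quote=True))
        href = html.escape(buglink_base + m.group(2), quote=True)
        label = html.escape(m.group(0), quote=True)
        out.append('<a href="%s">%s</a>' % (href, label))
        pos = m.end()
    out.append(html.escape(text[pos:], quote=True))
    return "".join(out)


def format_log(log, short_log_len, buglink_base=None):
    """Truncate the raw log first, then escape, so no entity is cut in half."""
    return htmlify(log[:short_log_len], buglink_base)


if __name__ == "__main__":
    # Constructed sample log messages.
    base = "https://bugs.example/show_bug.cgi?id="
    for msg in ["fix bnc#123 <b>", "<script>alert(1)</script>"]:
        print(format_log(msg, 80, base))
```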