'Re: [oss-security] CVE Request: viewvc DoS'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: viewvc DoS
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-05-19 19:00:05
Message-ID: 1843790166.178934.1305831605642.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]



----- Original Message -----
> Hi,
> 
> cvsdb.py in viewvc before 1.1.11 did not honor an admin defined row
> limit:
> http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES
> http://viewvc.tigris.org/issues/show_bug.cgi?id=433
> http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log
> 

This one needs a 2009 ID:

CVE-2009-5024

My understanding is that the fix prevents a user from getting viewvc from
displaying a really big request that easy CPU and RAM.

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic