[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request: viewvc DoS
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-05-19 19:00:05
Message-ID: 1843790166.178934.1305831605642.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- Original Message -----
> Hi,
>
> cvsdb.py in viewvc before 1.1.11 did not honor an admin defined row
> limit:
> http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES
> http://viewvc.tigris.org/issues/show_bug.cgi?id=433
> http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log
>
This one needs a 2009 ID:
CVE-2009-5024
My understanding is that the fix prevents a user from getting viewvc from
displaying a really big request that easy CPU and RAM.
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic