A new release is available, please update. It even contains a security fix. Thank you
Thanks for the report, in particular the heads-up about including a security fix -- that was not apparent from the release announcement!
* security fix: ignore arbitrary user-provided MIME types (issue #354) http://viewvc.tigris.org/issues/show_bug.cgi?id=354 I would not consider this a security issue. It allows an attacker to create a URL setting an arbitrary mime-type on a file in the repository, and entice a user to retrieve that file. This might render the link useless, or at worst case crash the browser. But I do not see how this might result in, say, code execution.
Isn't Denail of Service also security relevant? CVE-2008-4325
Not if it needs a user's assistance and crashes a client application.
in cvs.