Bug 312165 (CVE-2010-0132)

Comment 1 Tobias Heinlein (RETIRED) 2010-03-30 18:39:16 UTC

Arches, please test and mark stable:
=www-apps/viewvc-1.1.5
Target keywords : "amd64 ppc sparc x86"

Comment 2 Christian Faulhammer (RETIRED) 2010-03-31 16:30:29 UTC

x86 stable

Comment 3 Tiago Cunha (RETIRED) 2010-04-03 02:15:46 UTC

sparc stable

Comment 4 Stefan Behte (RETIRED) 2010-04-06 04:04:23 UTC

CVE-2010-0132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0132):
  Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5
  and 1.0 before 1.0.11, when the regular expression search
  functionality is enabled, allows remote attackers to inject arbitrary
  web script or HTML via vectors related to "search_re input," a
  different vulnerability than CVE-2010-0736.

Comment 5 Stefan Behte (RETIRED) 2010-04-11 14:01:54 UTC

CVE-2010-0132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0132):
  Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5
  and 1.0 before 1.0.11, when the regular expression search
  functionality is enabled, allows remote attackers to inject arbitrary
  web script or HTML via vectors related to "search_re input," a
  different vulnerability than CVE-2010-0736.

Comment 6 Brent Baude (RETIRED) 2010-04-15 15:34:17 UTC

ppc done

Comment 7 Markus Meier 2010-04-15 20:47:50 UTC

amd64 stable, all arches done.

Comment 8 Alex Legler (RETIRED) 2010-04-17 18:52:09 UTC

XSS in webapps → NO. Closing.