Version 1.1.5 (released 29-Mar-2010) * security fix: escape user-provided search_re input to avoid XSS attack
Arches, please test and mark stable: =www-apps/viewvc-1.1.5 Target keywords : "amd64 ppc sparc x86"
x86 stable
sparc stable
CVE-2010-0132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0132): Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.
ppc done
amd64 stable, all arches done.
XSS in webapps → NO. Closing.