Accepted viewvc 1.1.26-1+deb10u1 (source all) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted viewvc 1.1.26-1+deb10u1 (source all) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 11 Jan 2023 08:30:21 +0000
- Debian: DAK
- Debian-architecture: source all
- Debian-archive-action: accept
- Debian-changes: viewvc_1.1.26-1+deb10u1_amd64.changes
- Debian-source: viewvc
- Debian-suite: oldstable
- Debian-version: 1.1.26-1+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=lBl/Rc9QnaPqCBR1bSqZMZGUtIdMay/TZVlXnlRO4R8=; b=UF19dry3a6XYXiTMxy6MEu0qUO yXi5U9bgJJFs/zS907cA2zzY+z2hJh1MjRsFTWjCsGfS/oiaGSYRQ3YPy8+zPYZS4S3Lutd3dKKwf BLl1yALAhmKw2YjpZC6rzg+7hx/94rNXxx4pHpwzKOvGMe8rc8RCdD0sTHguJ5g8NQvFYHe/vC86w +OGGyb45/px5BYV7TUDhafY62ujBaLGL1SMYKJVJqsIGxIpjKhRurZcoRQJr0Wb4aNVL2AUzQe4nu e6JlPU2o6PUUMqiSELJ+c+N63zOZiKE9fgloujbeCO5zJKfBNPwKHzKMz/WMMBENauacFUvlyVjBD i2ZYEMLg==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pFWV3-003QB6-MG@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 11 Jan 2023 08:16:21 +0000
Source: viewvc
Binary: viewvc viewvc-query
Architecture: source all
Version: 1.1.26-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Lev Lamberov <dogsleg@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
viewvc - web interface for CVS and/or Subversion repositories
viewvc-query - utility to query CVS and Subversion commit database
Changes:
viewvc (1.1.26-1+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the Debian LTS team.
* CVE-2023-22456 & CVE-2023-22464: Prevent two potential cross-site scripting
vulnerabilities. The attack vectors involved files with unsafe names; names
that, when embedded into an HTML stream, could cause the browser to run
unwanted code.
Checksums-Sha1:
b0ac58bd1e3afd5eac971c4f4c33646f4e5ddc80 1964 viewvc_1.1.26-1+deb10u1.dsc
8055d0bd65134dc488169b91401f09e00a90269c 616804 viewvc_1.1.26.orig.tar.gz
43afb73faf71dda9001126140d8415129c4b8cb1 27284 viewvc_1.1.26-1+deb10u1.debian.tar.xz
1be47d7daff405943854fd729f907e0117e86656 11992 viewvc-query_1.1.26-1+deb10u1_all.deb
0c5ae7424b2040952a7a69a68c60dc3679e7bb3d 532428 viewvc_1.1.26-1+deb10u1_all.deb
a04358fb81ed82a457e37c59c362837cba510a08 7123 viewvc_1.1.26-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
93a30c35b4f4bd3b3a576026cf541d3ec2908b646d1ca8b66b48eaf061a162f6 1964 viewvc_1.1.26-1+deb10u1.dsc
eaf1322810dbe2e59e54f11cf83f55a0ad64c72c95b7d616d4c7fb81d03ec989 616804 viewvc_1.1.26.orig.tar.gz
2a92541701e78969b5258cfec1d893746bcb4ccee05eae861ead674151b3c267 27284 viewvc_1.1.26-1+deb10u1.debian.tar.xz
84639de6dbd44623379c564599242905876c3da2ef0f494f71f7a483068ef5b3 11992 viewvc-query_1.1.26-1+deb10u1_all.deb
533e1c2440f0733cc6d005b8e38bcbcafcd506464ab92367ba71febb94c937b2 532428 viewvc_1.1.26-1+deb10u1_all.deb
f884849b3f178cbdc16ec759aac58991dd646c3392fe1499a75a07c92da9a670 7123 viewvc_1.1.26-1+deb10u1_amd64.buildinfo
Files:
02c536d9fada3db0a20fe2e691f8b768 1964 vcs optional viewvc_1.1.26-1+deb10u1.dsc
d04936c9c0d5cb345797f85210a0fa00 616804 vcs optional viewvc_1.1.26.orig.tar.gz
40423013b7ed23d2edcaf28e61f77e4e 27284 vcs optional viewvc_1.1.26-1+deb10u1.debian.tar.xz
a20b6d20bf56d7f1d3de85c6d81855cc 11992 vcs optional viewvc-query_1.1.26-1+deb10u1_all.deb
0b05109d7f3aa7fb7d95326e1c013fd0 532428 vcs optional viewvc_1.1.26-1+deb10u1_all.deb
8f7808f6376990afec817132806f2819 7123 vcs optional viewvc_1.1.26-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmO+crMACgkQHpU+J9Qx
HliOaw/+IyC5jqTviu3wEi4M2cn7tzBY3J2HKepgg1UNqn7s0BK3y0/oxHsWO8d1
HerR/0kfFNF55fT9PRgzFAG42OX9iFaSvt+Me3EK2GbmyfgFIauJ0VRqON5ALVi4
4fjoqQTGSohP6RsXPh9UB8z/r4L6qL/i4buIvTnAE7jjcElVGv5MlgRQc6wlxGdp
ndzWaVPCLFCyRnwiaN3bu+LgCiQgRqa8qHj1A3q5tb8bYwCgXqOnzEy1QZQeNUcA
qnic6KN++puqT8mPE5+wxA8Ka28/LREGezeFsCuikLKXtEOR837KKC1AkujaMi7o
jpIy9FvNbWgsFi0HAjcTEqTOPv6LvYVI/deTA6YKdb2bFZ1JfKOMgs09fzHrKwmC
5TZRsdsjm+XxLRaAwn2r4ZSFPynAFW5O6Yf0yOakqFatxu8dHYBr0u1HN0qFS6Ot
1PQ1jvH35XDrlN6uJd3tT7ZU9Ivd3NTIIGUkXJDriOWyFqsXN4c3XtENiMDZbTrp
NpA/NJA4ZnJOfYeQiL5z8qwOdkP3TtLvMRdmrCCkW8qO5jNo5Xzv+R6aWHsyFIbk
dq0Lzl/7/fOcgpByEiZ6vjKKJjw9bi+GCwVNvr3JwmFheJ++SmNsPAfR+LbXx/tU
TkwgrXYC7zsLgRkiTHXRhLNTboRQQ8CSWQCGKsGEOWdsC841RFU=
=qlTR
-----END PGP SIGNATURE-----