PublicDate: 2008-03-24 17:44:00 UTC
Candidate: CVE-2008-1292
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1292
Description:
 ViewVC before 1.0.5 provides revision metadata without properly checking
 whether access was intended, which allows remote attackers to obtain
 sensitive information by reading (1) forbidden pathnames in the revision
 view, (2) log history that can only be reached by traversing a forbidden
 object, or (3) forbidden diff view path parameters.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_viewcvs:
upstream_viewcvs: released (1.0.5)
dapper_viewcvs: ignored (reached end-of-life)
edgy_viewcvs: needed (reached end-of-life)
feisty_viewcvs: needed (reached end-of-life)
gutsy_viewcvs: DNE
hardy_viewcvs: DNE
intrepid_viewcvs: DNE
jaunty_viewcvs: DNE
karmic_viewcvs: DNE
lucid_viewcvs: DNE
maverick_viewcvs: DNE
natty_viewcvs: DNE
oneiric_viewcvs: DNE
devel_viewcvs: DNE

Patches_viewvc:
upstream_viewvc: not-affected (1.0.5)
dapper_viewvc: DNE
edgy_viewvc: DNE
feisty_viewvc: DNE
gutsy_viewvc: needed (reached end-of-life)
hardy_viewvc: ignored (reached end-of-life)
intrepid_viewvc: not-affected (1.0.5-0.1)
jaunty_viewvc: not-affected (1.0.5-0.2)
karmic_viewvc: not-affected (1.0.5-0.2)
lucid_viewvc: not-affected (1.0.9-1)
maverick_viewvc: not-affected (1.0.9-1)
natty_viewvc: not-affected (1.0.9-1)
oneiric_viewvc: not-affected (1.0.9-1)
devel_viewvc: not-affected (1.0.9-1)