Candidate: CVE-2012-4533
PublicDate: 2012-11-19 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4533
Description:
 Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_viewvc:
upstream_viewvc: released (1.1.5-1.4)
hardy_viewvc: ignored (reached end-of-life)
lucid_viewvc: ignored (reached end-of-life)
natty_viewvc: ignored (reached end-of-life)
oneiric_viewvc: ignored (reached end-of-life)
precise_viewvc: released (1.1.5-1.1+squeeze2build0.12.04.1)
quantal_viewvc: ignored (reached end-of-life)
raring_viewvc: not-affected (1.1.5-1.4)
saucy_viewvc: not-affected (1.1.5-1.4)
trusty_viewvc: not-affected (1.1.5-1.4)
trusty/esm_viewvc: DNE (trusty was not-affected [1.1.5-1.4])
utopic_viewvc: not-affected (1.1.5-1.4)
vivid_viewvc: not-affected (1.1.5-1.4)
vivid/stable-phone-overlay_viewvc: DNE
vivid/ubuntu-core_viewvc: DNE
wily_viewvc: not-affected (1.1.5-1.4)
xenial_viewvc: not-affected (1.1.5-1.4)
yakkety_viewvc: not-affected (1.1.5-1.4)
devel_viewvc: not-affected (1.1.5-1.4)