Package: websvn
Severity: important
Tags: security

Hi,

A security issue has been reported against websvn:

Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

It has been fixed in the new 2.0 release. This is CVE-2007-3056, please mention it in the changelog when uploading a fixed version.

This seems to be the fix itself:
http://websvn.tigris.org/source/browse/websvn/trunk/filedetails.php?rev=581&r1=569&r2=581

Since websvn does not have any cookie-based authentication of itself, I don't think this warrants updates to stable/oldstable. But still it's an important bug to fix.

thanks
Thijs

