A ViewVC security update has been released for Debian GNU/Linux 9 Extended LTS to address two issues.
ELA-768-1 viewvc security update
Package : viewvc
ELA-768-1 viewvc security update
Version : 1.1.26-1+deb9u1 (stretch)
Related CVEs :
CVE-2023-22456
CVE-2023-22464
It was discovered that there were two issues in viewvc, a web-based interface for browsing Subversion and CVS repositories. The attack vectors involved files with unsafe names; names that, when embedded into an HTML stream, could cause the browser to run unwanted code.
