Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.1123
websvn security update
10 May 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: websvn
Publisher: Debian
Operating System: Debian GNU/Linux 8
UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Cross-site Scripting -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2016-1236
Original Bulletin:
http://www.debian.org/security/2016/dsa-3572
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running websvn check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3572-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 09, 2016 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : websvn
CVE ID : CVE-2016-1236
Nitin Venkatesh discovered that websvn, a web viewer for Subversion
repositories, is susceptible to cross-site scripting attacks via
specially crafted file and directory names in repositories.
For the stable distribution (jessie), this problem has been fixed in
version 2.3.3-1.2+deb8u2.
We recommend that you upgrade your websvn packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXMNiCAAoJEAVMuPMTQ89Er2kP/1F1g4/MR7YKLjZRc8/xJtIy
C8mrTHGfcfRSxEDcSl4RioWS1RUDCES6ZtW8aNFEvyrwqwzHPY3ATaDD2Y+FyUXb
8qfCD13cR0YCNbwJkiWGm9JkXULD2fMO4E+Iy5GpYpfLA7jijq3xs9VngopfT8rQ
BW5pdfKb1klQw6nO+6QA8jzARVMAV1tQaqA8LmoXnkdm9bh1KnUbx3fhpRtdPEK2
UGK/C4NtlCBmexEFZL4YC1JRrpP27zaWAna3L3QxukAhyPCxD+LcaiZXkRyrvfAR
OpgGmF+fwKYV8D4JPrNq/wIngeeK4fFqmuUx4XPFatJ642DcA2U+gRf0w8sj8Wct
WhTTRQXGLUjYM+HWwbzkAi6Ma+tlYBKRU1Q1LKxzuHJ1nCaC41yUqVdohnxzvk0g
Bd7KnnnM2OygCBWlXP9f/Mc0lMkN2bKvRfym/1yuT4XL3ge6sH98FJssgdAQxYAN
Pflzb+b7ODOhKFSr4PmosKc00//1TzZXOnUISTCNsqtGgAyoURR45ajcq34TiwjT
ajY+0xL/ld5UJfUh6xv9ZuiXd0sZ5Pbacl31DsjrtdmHLmqmk3qFYObfHOdCumbm
a3W0JctrNX8I7DThL5gCNcg2hKMEGD6p6hY3etC9mL7Ez3/XlFrc04I7mjW59FKk
i+/vluAGhs4n8yPikzOo
=Q6WA
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVzE3EH6ZAP0PgtI9AQKq3BAAl0HdTMU/+te2Vu/JsB33Vt9A+3p3ZMkk
arlwhF/ugg2TQW9oEXEriCDO+r0tHr8wVqSFXgcijGFeIme3NBoBXQUmRt/CTWMf
UK/S55xBGf99NSSK6SEju2+BTSwHiPKKTb6NlEp5PWf7NNMLdjcgJV5vIhdaSuZ4
NKSikRRfMCrO/dAYKYZgMT0pMyWzjakVucVxX16s2mtDj9KN0RxOyp2skdhifmj9
KjFfOiRDGD/H9PYcBdErSI5mk3bV8wMSdb1EFUDLx0F/Y92IKm8a0TgNEAtENymm
TAw1srDmmcdEgSTJXRSqMH3sp4MQVqpIMVsq5ENy5NN1BF59CQUvlcQorSwYxBYh
jXixOhEzoniCh/ELPbD2NH7Ppz+zL52Ub+N/LMnAshoainlU7syHs9nlasaUQB60
3BhRIAMaGP8imlmgyfkMx5xaLBEzPk8W7g7oAqbD2ml/UR+YlfZDxRXatOl6MLob
zqvuQxU/m+zpe3xY8ATv891s16ghBPIk5ctYTi/dzXfskvdnHCVFhZwHN31OtGc1
5y7Zm7E93ur6l9pqpobB6nrIOMZoP+dzTFszHKUN0fSTzEceLQgzhVZ97oaQ4XT7
b/AvNCv5Qs7OcDtRSpTYLp2fE88k8MaveHCQDR57n/TY3YvooUJgWsQka0j7wqCx
kvafGvHEjD8=
=q8U2
-----END PGP SIGNATURE-----