ELA-768-1 viewvc security update

XSS vulnerability

2023-01-11
Package: viewvc
Version: 1.1.26-1+deb9u1 (stretch)
Related CVEs: CVE-2023-22456, CVE-2023-22464


It was discovered that there were two issues in viewvc, a web-based interface for browsing Subversion and CVS repositories. The attack vectors involved files with unsafe names: names that, when embedded into an HTML stream, could cause the browser to run unwanted code.
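The class of bug described above, as an added example that is not viewvc's own code: a listing row built by interpolating a file name directly, next to a version that encodes the name for each context it lands in, plus a helper that flags names worth reviewing in a repository. The function names, the `/view/` URL prefix and the sample listing are assumptions constructed for illustration.

```python
import html
from urllib.parse import quote

# Characters that change meaning inside HTML text or attribute values.
HTML_SIGNIFICANT = set('<>&"\'')

# Constructed sample listing (not taken from any real repository).
SAMPLE_LISTING = ["README", "Makefile", 'a"><b>x</b>.txt', "R&D notes.txt"]


def unsafe_names(names):
    """Return the names containing HTML-significant characters, in order."""
    return [n for n in names if HTML_SIGNIFICANT & set(n)]


def render_row_unescaped(name):
    """'Before' pattern: the name is placed into the markup as-is."""
    return '<a href="/view/%s">%s</a>' % (name, name)


def render_row(name):
    """Hardened pattern: encode for each output context separately.

    The URL path segment is percent-encoded first, then the whole
    attribute value and the link text are HTML-escaped.
    """
    href = html.escape("/view/" + quote(name, safe=""), quote=True)
    text = html.escape(name, quote=True)
    return '<a href="%s">%s</a>' % (href, text)


if __name__ == "__main__":
    for entry in SAMPLE_LISTING:
        print(render_row(entry))
    print("names to review:", unsafe_names(SAMPLE_LISTING))
```

Running `unsafe_names` over a repository's path list before and after upgrading is a quick way to see whether any existing entries would have reached the browser unescaped.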



For Debian 9 stretch, these problems have been fixed in version 1.1.26-1+deb9u1.

We recommend that you upgrade your viewvc packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.