Debian Security Advisory

DLA-462-1 websvn -- LTS security update

Date Reported:
09 May 2016
Affected Packages:
websvn
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2016-1236.
More information:

Nitin Venkatesh discovered that websvn, a web viewer for Subversion repositories, is susceptible to cross-site scripting attacks via specially crafted file and directory names in repositories.

For Debian 7 Wheezy, these issues have been fixed in websvn version 2.3.3-1.1+deb7u3