viewvc-1.3.0~dev20250722-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15374-1 Final 1 1 2025-07-23T00:00:00Z current 2025-07-23T00:00:00Z 2025-07-23T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z viewvc-1.3.0~dev20250722-1.1 on GA media These are all security issues fixed in the viewvc-1.3.0~dev20250722-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15374 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-54141/ SUSE CVE CVE-2025-54141 page openSUSE Tumbleweed viewvc-1.3.0~dev20250722-1.1 viewvc-1.3.0~dev20250722-1.1 as a component of openSUSE Tumbleweed ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style attack. This is fixed in versions 1.1.31 and 1.2.4. CVE-2025-54141 openSUSE Tumbleweed:viewvc-1.3.0~dev20250722-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-54141.html CVE-2025-54141 https://bugzilla.suse.com/1246909 SUSE Bug 1246909