2010-01-29 18:00:00
redhat
PUBLISHED
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.