Chung-Chieh Shan

**Name of the Vulnerable Software and Affected Versions** viewvc version 1.0.3 **Description** The issue allows improper access control to files in a repository when using the `forbidden` configuration option. **Recommendations** For viewvc version 1.0.3, consider restricting access to the repository or reconfiguring the `forbidden` option to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xpdf versions prior to 3.02-19 xpdf version 3.02-12+squeeze1 **Description** The issue allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name, due to insecure temporary file deletion in zxpdf. **Recommendations** For xpdf versions prior to 3.02-19, update to version 3.02-19 or later. For xpdf version 3.02-12+squeeze1, consider upgrading to a newer version or applying security patches if available. At the moment, there is no information about additional mitigation measures for this specific issue.