ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
Gentoo Linux Security Advisory GLSA 200803-29 - Multiple unspecified errors were reportedly fixed by the ViewVC development team. Versions less than 1.05 are affected.