bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Stable CVS Version 1.11.11 Released! <strong>(security update)</strong>


From: Derek Robert Price
Subject: Stable CVS Version 1.11.11 Released! <strong>(security update)</strong>
Date: Thu, 18 Dec 2003 16:48:46 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stable CVS 1.11.11 has been released.  Stable releases contain only bug
fixes from previous versions of CVS.  This release adds code to the CVS
server to prevent it from continuing as root after a user login, as an
extra failsafe against a compromise of the CVSROOT/passwd file.
Previously, any user with the ability to write the CVSROOT/passwd file
could execute arbitrary code as the root user on systems with CVS
pserver access enabled.  We recommend this upgrade for all CVS servers!

Take a look at the NEWS file
<<http://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.45&content-type=text/x-cvsweb-markup>
from the source distribution or go directly to the downloads page
<http://ccvs.cvshome.org/servlets/ProjectDownloadList>.


MD5 Sum:

e2ceb57c06dc532d0156bdba687073c9  cvs-1.11.11.tar.bz2

Derek
Public key availble from <http:/./pgp.mit.edu>
Public key fingerprint: CB6A 07CA 90C5 4234 E8A3 C8D0 2C3D 4E4C 17F2 31A4.

- --
                *8^)

Email: address@hidden

Get CVS support at <http://ximbiot.com>!
- --
There are three kinds of men. The ones that learn by reading and the
few who learn by observation. The rest of them have to pee on the
electric fence.

            - Will Rogers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org

iD8DBQE/4iC9LD1OTBfyMaQRAkH+AJ4hoR6y3oAtgEqqxxpFI1Gd2hARFwCg9W1a
ii041122dO3/UlGe4oKy988=
=Joxc
-----END PGP SIGNATURE-----






reply via email to

[Prev in Thread] Current Thread [Next in Thread]