bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS Feature Version 1.12.5 Released! <strong>(security update)</strong>


From: Derek Robert Price
Subject: CVS Feature Version 1.12.5 Released! <strong>(security update)</strong>
Date: Thu, 18 Dec 2003 16:57:32 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Feature CVS 1.12.5 has been released.  Feature releases contain new
features as well as all the bug fixes from the stable releases.  This
release adds code to the CVS server to prevent it from continuing as
root after a user login, as an extra failsafe against a compromise of
the CVSROOT/passwd file.  Previously, any user with the ability to write
the CVSROOT/passwd file could execute arbitrary code as the root user on
systems with CVS pserver access enabled.  It also fixes some issues
compiling under windows and other issues compilng the large file support
on various platforms.  We recommend this upgrade for all CVS clients and
servers already running the feature release and for those who simply
like to stay on the cutting edge!

Take a look at the NEWS file
<http://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.175&content-type=text/x-cvsweb-markup>
from the source distribution or go directly to the downloads page
<http://ccvs.cvshome.org/servlets/ProjectDownloadList>.

MD5 sum:

eeacc440ad77e0671bffa0fd2900f419  cvs-1.12.5.tar.bz2

Derek
Public key availble from <http:/./pgp.mit.edu>
Public key fingerprint: CB6A 07CA 90C5 4234 E8A3 C8D0 2C3D 4E4C 17F2 31A4.

- --
                *8^)

Email: address@hidden

Get CVS support at <http://ximbiot.com>!
- --
There are three kinds of men. The ones that learn by reading and the
few who learn by observation. The rest of them have to pee on the
electric fence.

            - Will Rogers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org

iD8DBQE/4iLLLD1OTBfyMaQRAq85AKDxChit/V/zCj3BVjzwyPzNn9d7JgCgg37j
Xx+DGSudpV/xpN/Hq1oJbQs=
=JSHx
-----END PGP SIGNATURE-----






reply via email to

[Prev in Thread] Current Thread [Next in Thread]