info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Open-source defect reaches deep: 23-Jan-2003 Article on news.com


From: Greg Larkin
Subject: Re: Open-source defect reaches deep: 23-Jan-2003 Article on news.com
Date: 28 Oct 2004 07:26:08 -0700

"Paras jain" <address@hidden> wrote in message news:<address@hidden>...
> Dear All,
> 
>    We as a company are moving from PVCS to CVS and one of our friend 
> found below one article (A server bug in CVS)!
> 
>     Is this bug published at "http://news.com.com/2100-1001-981830.html";
> 
>  still in CVS or if removed then in which version it is removed? Please 
> provide some light on it as it looks very severe?
> 
> Thanks 
> Paras

Hi Paras,

This is a very old security problem in CVS.  It only affects versions
1.11.4 and less.  Have a look at the original advisory here:
http://security.e-matters.de/advisories/012003.html/

Here is a more recent advisory:
http://security.e-matters.de/advisories/092004.html

In either case, if you download a recent version of the CVS software
from cvshome.org, you won't encounter these security problems.

Regards,
Greg
----
SourceHosting.net, LLC
Ready. Set. Code.
http://www.sourcehosting.net/


reply via email to

[Prev in Thread] Current Thread [Next in Thread]