[Monotone-debian] Bug#601850: monotone: Empty command string can be used

monotone-debian

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-debian] Bug#601850: monotone: Empty command string can be used

From:	Francis Russell
Subject:	[Monotone-debian] Bug#601850: monotone: Empty command string can be used to crash certain server configurations
Date:	Sat, 30 Oct 2010 10:40:15 +0100

Package: monotone
Version: 0.48-2
Severity: serious
Tags: upstream


Monotone versions 0.46, 0.47 and 0.48 are affected by a bug whereby a client
sending an empty command string to the server can cause it to terminate if
remote command execution is enabled. This has been fixed in 0.48.1.

Further details exist here:
http://www.thomaskeller.biz/blog/2010/10/22/monotone-0-48-1-released-please-update-your-servers/

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-debian] Bug#601850: monotone: Empty command string can be used to crash certain server configurations, Francis Russell <=

Prev by Date: [Monotone-debian] Bug#601700: exception bug occurring with libsqlite3-0 3.7.3-1
Next by Date: [Monotone-debian] monotone URIs
Previous by thread: [Monotone-debian] Bug#601700: exception bug occurring with libsqlite3-0 3.7.3-1
Next by thread: [Monotone-debian] monotone URIs
Index(es):
- Date
- Thread