[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Stable CVS Version 1.11.11 Released! <strong>(security update)</stro
From: |
Tom Copeland |
Subject: |
Re: Stable CVS Version 1.11.11 Released! <strong>(security update)</strong> |
Date: |
Fri, 19 Dec 2003 10:48:47 -0500 |
Hi Derek -
Just wondering if you've had a chance to put together the source RPMs
yet...
Thanks,
Tom
On Thu, 2003-12-18 at 16:48, Derek Robert Price wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Stable CVS 1.11.11 has been released. Stable releases contain only bug
> fixes from previous versions of CVS. This release adds code to the CVS
> server to prevent it from continuing as root after a user login, as an
> extra failsafe against a compromise of the CVSROOT/passwd file.
> Previously, any user with the ability to write the CVSROOT/passwd file
> could execute arbitrary code as the root user on systems with CVS
> pserver access enabled. We recommend this upgrade for all CVS servers!
>
> Take a look at the NEWS file
> <<http://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.45&content-type=text/x-cvsweb-markup>
> from the source distribution or go directly to the downloads page
> <http://ccvs.cvshome.org/servlets/ProjectDownloadList>.
>
>
> MD5 Sum:
>
> e2ceb57c06dc532d0156bdba687073c9 cvs-1.11.11.tar.bz2
>
> Derek
> Public key availble from <http:/./pgp.mit.edu>
> Public key fingerprint: CB6A 07CA 90C5 4234 E8A3 C8D0 2C3D 4E4C 17F2 31A4.
>
> - --
> *8^)
>
> Email: address@hidden
>
> Get CVS support at <http://ximbiot.com>!
> - --
> There are three kinds of men. The ones that learn by reading and the
> few who learn by observation. The rest of them have to pee on the
> electric fence.
>
> - Will Rogers
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
> Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org
>
> iD8DBQE/4iC9LD1OTBfyMaQRAkH+AJ4hoR6y3oAtgEqqxxpFI1Gd2hARFwCg9W1a
> ii041122dO3/UlGe4oKy988=
> =Joxc
> -----END PGP SIGNATURE-----
>
>
>
>
> _______________________________________________
> Info-cvs mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/info-cvs
--
Tom Copeland <address@hidden>
InfoEther