[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Open-source defect reaches deep: 23-Jan-2003 Article on news.com
From: |
Greg Larkin |
Subject: |
Re: Open-source defect reaches deep: 23-Jan-2003 Article on news.com |
Date: |
28 Oct 2004 07:26:08 -0700 |
"Paras jain" <address@hidden> wrote in message news:<address@hidden>...
> Dear All,
>
> We as a company are moving from PVCS to CVS and one of our friend
> found below one article (A server bug in CVS)!
>
> Is this bug published at "http://news.com.com/2100-1001-981830.html"
>
> still in CVS or if removed then in which version it is removed? Please
> provide some light on it as it looks very severe?
>
> Thanks
> Paras
Hi Paras,
This is a very old security problem in CVS. It only affects versions
1.11.4 and less. Have a look at the original advisory here:
http://security.e-matters.de/advisories/012003.html/
Here is a more recent advisory:
http://security.e-matters.de/advisories/092004.html
In either case, if you download a recent version of the CVS software
from cvshome.org, you won't encounter these security problems.
Regards,
Greg
----
SourceHosting.net, LLC
Ready. Set. Code.
http://www.sourcehosting.net/