[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Where to get CVS while cvshome.org is down
From: |
Derek Robert Price |
Subject: |
Re: Where to get CVS while cvshome.org is down |
Date: |
Thu, 27 May 2004 23:08:02 -0400 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Øyvind A. Holm wrote:
> I have all the CVS I personally need, :) but people should really
> upgrade if they are running pserver, so these files will remain on the
No, really! It's not just pserver that has this vulnerability! It's
any CVS client/server mechanism prior to 1.11.16 & 1.12.8 as long as
the attacker can authenticate.
The most common anonymous read-only accounts are implemented using
pserver, but this vulnerability is not limited to the CVS pserver!
Derek
- --
*8^)
Email: address@hidden
Get CVS support at <http://ximbiot.com>!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAtq0RLD1OTBfyMaQRArMNAJ92v0mDBlQ0BXFlcWbbDdy7SfjxuQCfUOB1
YCeDWZ65eP3TwSOnjpPUPrI=
=E4bn
-----END PGP SIGNATURE-----