Re: CVS 1.11.5 Released (Security Update)

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS 1.11.5 Released (Security Update)

From:	Steve Roberts
Subject:	Re: CVS 1.11.5 Released <strong>(Security Update)</strong>
Date:	Tue, 21 Jan 2003 13:53:18 -0800
User-agent:	Mutt/1.2.5i

On Mon, Jan 20, 2003 at 04:55:52PM -0500, Derek Robert Price wrote:
> > < ...>
> The CVE data should show up soon.  We were delaying update of the CVE 
> site in order to make sure that a patch would be available before a 
> general vulnerability announcement.
> 
> Without going into too much detail, the vulnerability allows read-only 
> CVS users to execute arbitrary code as the user the CVS server 
> executable is running as.
> 
> Again, the CVE site should be updated with more detail soon.
> 
> Derek
any ETA on this?  as of 21:46 GMT (2003-01-21) the CVE site still
has no details.  the reports on the net have lotsof conflicting information
as to the extent of the exploit.

Regards,
Steven Roberts

[Prev in Thread]

Current Thread

[Next in Thread]

CVS 1.11.5 Released (Security Update), Derek Robert Price, 2003/01/20
- RE: CVS 1.11.5 Released (Security Update), Shankar Unni, 2003/01/20
 - Re: CVS 1.11.5 Released (Security Update), Derek Robert Price, 2003/01/20
 - Re: CVS 1.11.5 Released (Security Update), Steve Roberts <=
- Re: CVS 1.11.5 Released (Security Update), Derek Robert Price, 2003/01/20
- Re: CVS 1.11.5 Released (Security Update), Todd Denniston, 2003/01/21
 - Re: CVS 1.11.5 Released (Security Update), Larry Jones, 2003/01/21
 - Re: CVS 1.11.5 Released (Security Update), Todd Denniston, 2003/01/21

Prev by Date: Re: error with checkout
Next by Date: Re: CVSROOT write permission vulnerability
Previous by thread: Re: CVS 1.11.5 Released (Security Update)
Next by thread: Re: CVS 1.11.5 Released (Security Update)
Index(es):
- Date
- Thread

Re: CVS 1.11.5 Released <strong>(Security Update)</strong>