Re: CVS Feature Version 1.12.3 Released! (security update)

From: Steve McIntyre
Subject: Re: CVS Feature Version 1.12.3 Released! (security update)
Date: Fri, 2 Jan 2004 19:11:22 +0000
User-agent: Mutt/1.5.4i

On Mon, Dec 15, 2003 at 10:24:47PM -0500, Derek Robert Price wrote:
>Steve McIntyre wrote:
>
>>Derek, are you sure the simple fix in modules.c to check for
>>!isabsolute() will fix the hole here? What about people specifying
>>../../../../../../<something> ? Probably the easiest fix for that is
>>to modify isabsolute() to check for .. entries in the path
>>specified.
>>
>>Thoughts?
>
>
>If you can send me a reproducible case where CVS doesn't abort with an
>error, I'll be happy to look into it, but I am pretty sure CVS has been
>catching the indirection case for years. Go ahead and try it.

Yup, you're right:

tack:/tmp/test$ cvs -d /home/cvs co ../cvs/test
cvs checkout: in directory ../cvs/test:
cvs checkout: `..'-relative repositories are not supported.
cvs [checkout aborted]: illegal source repository

--
Steve McIntyre, Cambridge, UK. address@hidden
We don't need no education.
We don't need no thought control.