[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Cvs-cvs] Changes to ccvs/NEWS
From: |
Derek Robert Price |
Subject: |
[Cvs-cvs] Changes to ccvs/NEWS |
Date: |
Mon, 03 Oct 2005 11:56:17 -0400 |
Index: ccvs/NEWS
diff -u ccvs/NEWS:1.340 ccvs/NEWS:1.341
--- ccvs/NEWS:1.340 Fri Sep 30 20:14:48 2005
+++ ccvs/NEWS Mon Oct 3 15:56:13 2005
@@ -1,6 +1,15 @@
Changes since 1.12.12:
**********************
+SECURITY FIXES
+
+* CVS now uses version 1.2.3 of the ZLib compression libraries in order to
+ avoid two recently announced security vulnerabilities in them. Both may be
+ used for denial of service attacks and one may reportedly allow execution of
+ arbitrary code, though this is not confirmed. Please see the CERT
+ vulnerabilities advisories #238678 <http://www.kb.cert.org/vuls/id/238678> &
+ #680620 <http://www.kb.cert.org/vuls/id/680620> for more.
+
NEW FEATURES
* Thanks to Conrad Pino <address@hidden>, a hang in the Windows client, which
- [Cvs-cvs] Changes to ccvs/NEWS,
Derek Robert Price <=