Slackware Linux Advisory: cvs Jun 10, 2004, 03 :59 UTC (0 Talkback[s]) (2310 reads)
[slackware-security] cvs (SSA:2004-161-01)
New cvs packages that have been upgraded to cvs-1.11.17 are available
for Slackware 8.1, 9.0, 9.1, and -current to fix various security
issues. Sites running a CVS server should upgrade to the new CVS
package right away.
More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Wed Jun 9 11:35:15 PDT 2004
patches/packages/cvs-1.11.17-i486-1.tgz: Upgraded to cvs-1.11.17.
From the cvs NEWS file:
Thanks to Stefan Esser & Sebastian Krahmer, several potential security
problems have been fixed. The ones which were considered dangerous enough
to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, &
CAN-2004-0418 by the Common Vulnerabilities and Exposures Project. Please
see <http://www.cve.mitre.org>; for more information.
A potential buffer overflow vulnerability in the server has been fixed.
This addresses the Common Vulnerabilities and Exposures Project's issue
CAN-2004-0414. Please see <http://www.cve.mitre.org>; for more information.
(* Security fix *)
+--------------------------+
