Debian Security Advisory: Package: cvsweb | Linux Today

Debian Security Advisory: Package: cvsweb

Written By
Web Webster
Web Webster
Jul 16, 2000

Date: Sun, 16 Jul 2000 02:40:24 -0400
From: Wichert Akkerman wichert@cistron.nl
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] New version of cvsweb released

—–BEGIN PGP SIGNED MESSAGE—–


Debian Security Advisory                             security@debian.org
http://www.debian.org/security/                   Wichert Akkerman 
July 16, 2000

Package: cvsweb
Vulnerability type: remote shell
Debian-specific: no

The versions of cvsweb distributed in Debian GNU/Linux 2.1 (aka
slink) as well as in the frozen (potato) and unstable (woody)
distributions, are vulnerable to a remote shell exploit. An
attacker with write access to the cvs repository can execute
arbitrary code on the server, as the www-data user.

The vulnerability is fixed in version 109 of cvsweb for the
current stable release (Debian 2.1), in version 1.79-3potato1 for
the frozen distribution, and in version 1.86-1 for the unstable
distribution.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink


Source archives:

http://security.debian.org/dists/stable/updates/source/cvsweb_109.dsc

MD5 checksum: b1810728310882fb72078674521ee369

http://security.debian.org/dists/stable/updates/source/cvsweb_109.tar.gz

MD5 checksum: 4c42ec3ba7248fc2499cdfaa6ae6b702

Architecture indendent archives:

http://security.debian.org/dists/stable/updates/binary-all/cvsweb_109_all.deb

MD5 checksum: fe9144254ab224923ac627aef7ec2167

Debian GNU/Linux 2.2 alias potato


Please note that potato has not been released yet.

Source archives:

http://http.us.debian.org/debian/dists/potato/main/source/devel/cvsweb_1.79-3potato1.diff.gz

MD5 checksum: 9dcb469f5da602cd53e41258febba244

http://http.us.debian.org/debian/dists/potato/main/source/devel/cvsweb_1.79-3potato1.dsc

MD5 checksum: b4aceba93a6721486f8ca42f230c7271

http://http.us.debian.org/debian/dists/potato/main/source/devel/cvsweb_1.79.orig.tar.gz

MD5 checksum: c755a4c75d4c8844274458ae5953823b

Binary package for all architectures:

http://http.us.debian.org/debian/dists/potato/main/binary-all/devel/cvsweb_1.79-3potato1.deb

MD5 checksum: 1b89d61312925ee7934108c4f638d912

Debian GNU/Linux unstable alias woody


Please note that woody has not been released yet.

Source archives:

http://http.us.debian.org/debian/dists/woody/main/source/devel/cvsweb_1.86-1.diff.gz

MD5 checksum: e3fc2117d689746eaa2cf4c8a701aa4e

http://http.us.debian.org/debian/dists/woody/main/source/devel/cvsweb_1.86-1.dsc

MD5 checksum: 0b2b9bf0b1fe39552da03698ba37bc36

http://http.us.debian.org/debian/dists/woody/main/source/devel/cvsweb_1.86.orig.tar.gz

MD5 checksum: ea93ed274ec6fbd49cec57c759747cb7

Binary package for all architectures:

http://http.us.debian.org/debian/dists/woody/main/binary-all/devel/cvsweb_1.86-1.deb

MD5 checksum: a99c605e0d77f1c56a82c95a3dc6d83f


For apt-get: deb
http://security.debian.org/
stable updates
For dpkg-ftp:
ftp://security.debian.org/debian-security
dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOXFYwajZR/ntlUftAQH1KwL/WH/WLKH+OXFE/Ut+QDy5/NEEtjsAGn8K
ptgWr+AFj9H4Ih/UoX//VfWKNpVNCZFfucFPd+ohFLiy+1yfrrCQMQXjgA7CYw2L
w1Im7OXJBrK/y6NiiRNijCDOyC1nDofd
=U5iJ
-----END PGP SIGNATURE-----
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.