[Cvs-cvs] Changes to ccvs/NEWS

cvs-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Cvs-cvs] Changes to ccvs/NEWS

From:	Derek Robert Price
Subject:	[Cvs-cvs] Changes to ccvs/NEWS
Date:	Mon, 03 Oct 2005 11:56:17 -0400

Index: ccvs/NEWS
diff -u ccvs/NEWS:1.340 ccvs/NEWS:1.341
--- ccvs/NEWS:1.340     Fri Sep 30 20:14:48 2005
+++ ccvs/NEWS   Mon Oct  3 15:56:13 2005
@@ -1,6 +1,15 @@
 Changes since 1.12.12:
 **********************
 
+SECURITY FIXES
+
+* CVS now uses version 1.2.3 of the ZLib compression libraries in order to
+  avoid two recently announced security vulnerabilities in them.  Both may be
+  used for denial of service attacks and one may reportedly allow execution of
+  arbitrary code, though this is not confirmed.  Please see the CERT
+  vulnerabilities advisories #238678 <http://www.kb.cert.org/vuls/id/238678> &
+  #680620 <http://www.kb.cert.org/vuls/id/680620> for more.
+
 NEW FEATURES
 
 * Thanks to Conrad Pino <address@hidden>, a hang in the Windows client, which

[Prev in Thread]

Current Thread

[Next in Thread]

[Cvs-cvs] Changes to ccvs/NEWS, Derek Robert Price <=
- [Cvs-cvs] Changes to ccvs/NEWS, Derek Robert Price, 2005/10/03
- [Cvs-cvs] Changes to ccvs/NEWS, Derek Robert Price, 2005/10/28

Prev by Date: [Cvs-cvs] Changes to ccvs/ChangeLog
Next by Date: [Cvs-cvs] Changes to ccvs/configure
Previous by thread: [Cvs-cvs] Changes to ccvs/ChangeLog
Next by thread: [Cvs-cvs] Changes to ccvs/NEWS
Index(es):
- Date
- Thread