SECURITY BUG in CVS 1.11.1

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SECURITY BUG in CVS 1.11.1

From:	Larry Jones
Subject:	SECURITY BUG in CVS 1.11.1
Date:	Mon, 11 Feb 2002 17:04:47 -0500 (EST)

It has been brought to my attention that CVS 1.11.1 and 1.11.1p1 have a
bug in pserver mode that allows read-only users to run the "tag"
command.  This allows read-only users to add and, more importantly, move
or delete tags.  The bug does not affect releases prior to 1.11.1 and
has been fixed in the current development version.  Anyone with a
publicly-accessible pserver (or clumsy users) is urged to upgrade
immediately.

-Larry Jones

I don't think math is a science, I think it's a religion. -- Calvin

[Prev in Thread]

Current Thread

[Next in Thread]

SECURITY BUG in CVS 1.11.1, Larry Jones <=
- Re: SECURITY BUG in CVS 1.11.1, Mark, 2002/02/12
  - Re: SECURITY BUG in CVS 1.11.1, Larry Jones, 2002/02/12
- RE: SECURITY BUG in CVS 1.11.1, Douglas Finkle, 2002/02/12
  - Re: SECURITY BUG in CVS 1.11.1, Larry Jones, 2002/02/12
- RE: SECURITY BUG in CVS 1.11.1, Douglas Finkle, 2002/02/12
  - Re: SECURITY BUG in CVS 1.11.1, Larry Jones, 2002/02/12

Prev by Date: Re: Newbie question: cannot open CVS/Root: No such file or directory error
Next by Date: Tag made on a Branch
Previous by thread: Running CVS updates via CGI
Next by thread: Re: SECURITY BUG in CVS 1.11.1
Index(es):
- Date
- Thread