[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SECURITY BUG in CVS 1.11.1
From: |
Mark |
Subject: |
Re: SECURITY BUG in CVS 1.11.1 |
Date: |
Tue, 12 Feb 2002 08:45:28 -0800 (PST) |
posted last september to address@hidden, no response from CVS community so I
thought it was as designed. Anyhow, I wrote a taginfo trigger to validate user
is in writers file to compensate.
Subject: Readonly user can manipulate tags?
http://www.mail-archive.com/address@hidden/msg13105.html
--- Larry Jones <address@hidden> wrote:
> It has been brought to my attention that CVS 1.11.1 and 1.11.1p1 have a
> bug in pserver mode that allows read-only users to run the "tag"
> command. This allows read-only users to add and, more importantly, move
> or delete tags. The bug does not affect releases prior to 1.11.1 and
> has been fixed in the current development version. Anyone with a
> publicly-accessible pserver (or clumsy users) is urged to upgrade
> immediately.
>
> -Larry Jones
>
> I don't think math is a science, I think it's a religion. -- Calvin
>
> _______________________________________________
> Info-cvs mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/info-cvs
__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com