[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SECURITY BUG in CVS 1.11.1

From: Mark
Subject: Re: SECURITY BUG in CVS 1.11.1
Date: Tue, 12 Feb 2002 08:45:28 -0800 (PST)

posted last september to address@hidden, no response from CVS community so I
thought it was as designed. Anyhow, I wrote a taginfo trigger to validate user
is in writers file to compensate.

Subject: Readonly user can manipulate tags?

--- Larry Jones <address@hidden> wrote:
> It has been brought to my attention that CVS 1.11.1 and 1.11.1p1 have a
> bug in pserver mode that allows read-only users to run the "tag"
> command.  This allows read-only users to add and, more importantly, move
> or delete tags.  The bug does not affect releases prior to 1.11.1 and
> has been fixed in the current development version.  Anyone with a
> publicly-accessible pserver (or clumsy users) is urged to upgrade
> immediately.
> -Larry Jones
> I don't think math is a science, I think it's a religion. -- Calvin
> _______________________________________________
> Info-cvs mailing list
> address@hidden

Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!

reply via email to

[Prev in Thread] Current Thread [Next in Thread]