info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SECURITY BUG in CVS 1.11.1


From: Douglas Finkle
Subject: RE: SECURITY BUG in CVS 1.11.1
Date: Tue, 12 Feb 2002 15:06:30 -0500

> It has been brought to my attention that CVS 1.11.1 and 
> 1.11.1p1 have a
> bug in pserver mode that allows read-only users to run the "tag"
> command.  This allows read-only users to add and, more 
> importantly, move
> or delete tags.  The bug does not affect releases prior to 1.11.1 and
> has been fixed in the current development version.  Anyone with a
> publicly-accessible pserver (or clumsy users) is urged to upgrade
> immediately.


Sorry, but can you provide a reference url, or ftp path for this update?
I checked out on http://ccvs.cvshome.org/servlets/ProjectDownloadList
and the last version posted was v1.11p1 on 2001-10-16.

Thanks,
Doug



reply via email to

[Prev in Thread] Current Thread [Next in Thread]