[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS 1.11.5 Released <strong>(Security Update)</strong>

From: Steve Roberts
Subject: Re: CVS 1.11.5 Released <strong>(Security Update)</strong>
Date: Tue, 21 Jan 2003 13:53:18 -0800
User-agent: Mutt/1.2.5i

On Mon, Jan 20, 2003 at 04:55:52PM -0500, Derek Robert Price wrote:
> > < ...>
> The CVE data should show up soon.  We were delaying update of the CVE 
> site in order to make sure that a patch would be available before a 
> general vulnerability announcement.
> Without going into too much detail, the vulnerability allows read-only 
> CVS users to execute arbitrary code as the user the CVS server 
> executable is running as.
> Again, the CVE site should be updated with more detail soon.
> Derek
any ETA on this?  as of 21:46 GMT (2003-01-21) the CVE site still
has no details.  the reports on the net have lotsof conflicting information
as to the extent of the exploit.

Steven Roberts

reply via email to

[Prev in Thread] Current Thread [Next in Thread]