Re: Stable CVS Version 1.11.11 Released! <strong>(security update)</strong>

[Tom Copeland]

Hi Derek -

Just wondering if you've had a chance to put together the source RPMs
yet...

Thanks,

Tom

On Thu, 2003-12-18 at 16:48, Derek Robert Price wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Stable CVS 1.11.11 has been released.  Stable releases contain only bug
> fixes from previous versions of CVS.  This release adds code to the CVS
> server to prevent it from continuing as root after a user login, as an
> extra failsafe against a compromise of the CVSROOT/passwd file.
> Previously, any user with the ability to write the CVSROOT/passwd file
> could execute arbitrary code as the root user on systems with CVS
> pserver access enabled.  We recommend this upgrade for all CVS servers!
> 
> Take a look at the NEWS file
> <<http://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.45&content-type=text/x-cvsweb-markup>
> from the source distribution or go directly to the downloads page
> <http://ccvs.cvshome.org/servlets/ProjectDownloadList>.
> 
> 
> MD5 Sum:
> 
> e2ceb57c06dc532d0156bdba687073c9  cvs-1.11.11.tar.bz2
> 
> Derek
> Public key availble from <http:/./pgp.mit.edu>
> Public key fingerprint: CB6A 07CA 90C5 4234 E8A3 C8D0 2C3D 4E4C 17F2 31A4.
> 
> - --
>                 *8^)
> 
> Email: address@hidden
> 
> Get CVS support at <http://ximbiot.com>!
> - --
> There are three kinds of men. The ones that learn by reading and the
> few who learn by observation. The rest of them have to pee on the
> electric fence.
> 
>             - Will Rogers
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
> Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org
> 
> iD8DBQE/4iC9LD1OTBfyMaQRAkH+AJ4hoR6y3oAtgEqqxxpFI1Gd2hARFwCg9W1a
> ii041122dO3/UlGe4oKy988=
> =Joxc
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
> _______________________________________________
> Info-cvs mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/info-cvs
-- 
Tom Copeland <address@hidden>
InfoEther