[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Issues with WinCVS, TortoiseCVS, CVSNT.

From: Arthur Barrett
Subject: Security Issues with WinCVS, TortoiseCVS, CVSNT.
Date: Thu, 9 Apr 2015 15:53:18 +1100

If you are using CVS 1.10 or CVS 1.11 server *and* client this message
does not concern you.

Just a quick reminder that the 'old' versions of CVSNT 2.0 and 2.5
shipped with TortoiseCVS and WinCVS have known security vulnerabilities:

If you are using WinCVS or TortoiseCVS, then CVSNT is the software that
actually does the 'checkout' and 'commit' operations - you can 'see' it
running in the 'progress' window.  CVSNT is bundled with some copies of
WinCVS and all copies of TortoiseCVS.  WinCVS is the 'GUI' that gives
you the drop down menus etc. and TortoiseCVS gives you the right click
menu and the dialog boxes, CVSNT does the version control.  

In particular the CVSNT client (and hence WinCVS and TortoiseCVS) is
susceptible to the recent 'FREAK' SSL bug.  CVSNT servers are also

CVS Suite 2009R2 (CVSNT 2.8.01) was updated on 30th March 2015 to
resolve this.  

CVS Suite 2009R2 client contains TortoiseCVS, WinCVS, CVS Suite Studio,
Release Manager etc. and is compatible with Windows 8, Windows 7,
Windows Vista and Windows XP.  

CVS Suite 2009R2 command line client is compatible with Windows, Mac and

CVS Suite 2009R2 server contains the high performance server service,
integration with Jira, Bugzilla and Mantis, failsafe audit, change and
merge tracking and is compatible with Linux, Mac, and Windows Server
2012R2, Windows Server 2012, Windows Server 2008R2, Windows Server 2008
and Windows Server 2003.

For more information please contact address@hidden


Arthur Barrett
Product Manager
March Hare Software
authors of CVSNT since 2004

reply via email to

[Prev in Thread] Current Thread [Next in Thread]