bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS 1.11.5 Released <strong>(Security Update)</strong>


From: Billy O'Connor
Subject: Re: CVS 1.11.5 Released <strong>(Security Update)</strong>
Date: Mon, 20 Jan 2003 22:35:06 GMT
User-agent: Gnus/5.090013 (Oort Gnus v0.13) Emacs/21.3.50 (i686-pc-linux-gnu)

"Shankar Unni" <shankar@cotagesoft.com> writes:

>> CVS 1.11.5 has been released. This release fixes a major security
>> vulnerability in CVS. The Common Vulnerabilities and Exposures project
>
>> (cve.mitre.org <http://cve.mitre.org>) has assigned the name 
>> CAN-2003-0015 to this issue. See the text of CAN-2003-0015 
>> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015> for more
>
>> information.
>
> Looks like someone's marked the CVE entry as "reserved", so we have no
> idea what this is about. There are literally 0 details on the CVE site,
> except the candidate number (not even a one-line description or the
> product affected).
>
> Someone care to at least summarize what the vulnerability is?
>
>
>

Users with read only access could gain write access.  There was
mention of a potential double free also.  That's what I got from
diffing 1.11.4 and 1.11.5.

-- 
Billy O'Connor
Editor, Beyond Linux From Scratch   http://beyond.linuxfromscratch.org
"Free software never simply picks up its marbles and goes home."
      - Jonathan Corbet, LWN


reply via email to

[Prev in Thread] Current Thread [Next in Thread]