Date: Thu, 15 Apr 2004 08:35:27 -0700 (PDT) From: Jacques Vidrine <nectar@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/contrib/cvs/src client.c modules.c Message-ID: <200404151535.i3FFZRl7018147@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
nectar 2004/04/15 08:35:27 PDT
FreeBSD src repository
Modified files: (Branch: RELENG_4)
contrib/cvs/src client.c modules.c
Log:
MFC: Patch vulnerabilities in the CVS client and server:
A malicious CVS server could cause your CVS client to overwrite
arbitrary files (CAN-2004-0180).
When a CVS client uses the `-p' checkout option, the server could be
fooled into checking out files from outside the given $CVSROOT.
Submitted by: Derek Robert Price <derek@ximbiot.com>
Approved by: re
Revision Changes Path
1.2.2.7 +14 -1 src/contrib/cvs/src/client.c
1.1.1.5.2.4 +8 -0 src/contrib/cvs/src/modules.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404151535.i3FFZRl7018147>