From owner-freebsd-security@FreeBSD.ORG Tue Sep 14 08:16:44 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 776B816A4CF for ; Tue, 14 Sep 2004 08:16:44 +0000 (GMT) Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231]) by mx1.FreeBSD.org (Postfix) with ESMTP id D811A43D31 for ; Tue, 14 Sep 2004 08:16:42 +0000 (GMT) (envelope-from dmitry@atlantis.dp.ua) Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231]) by smtp.atlantis.dp.ua (8.12.6p2/8.12.6) with ESMTP id i8E8GVes095615 for ; Tue, 14 Sep 2004 11:16:31 +0300 (EEST) (envelope-from dmitry@atlantis.dp.ua) Date: Thu, 9 Sep 2004 13:38:41 +0300 (EEST) From: Dmitry Pryanishnikov To: freebsd-security@freebsd.org Message-ID: <20040909133319.A41151@atlantis.atlantis.dp.ua> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed ReSent-Date: Tue, 14 Sep 2004 11:16:27 +0300 (EEST) Resent-From: Dmitry Pryanishnikov Resent-To: freebsd-security@freebsd.org ReSent-Subject: multiple vulnerabilities in the cvs server code ReSent-Message-ID: <20040914111627.F69813@atlantis.atlantis.dp.ua> Subject: multiple vulnerabilities in the cvs server code X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2004 08:16:44 -0000 Hello! Port security/portaudit reports the following problem: Affected package: FreeBSD-491000 Type of problem: multiple vulnerabilities in the cvs server code. Reference: Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf I have 2 related questions: 1) What are current plans to fix these vulnerabilities? 2) Are the FreeBSD public CVS servers trustworthy now? Sincerely, Dmitry -- Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE