Date: Wed, 14 Apr 2004 09:40:50 -0700 (PDT) From: Jacques Vidrine <nectar@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/gnu/usr.bin/cvs/cvs Makefile client.patch modules.patch Message-ID: <200404141640.i3EGeoYL098205@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
nectar 2004/04/14 09:40:50 PDT FreeBSD src repository Modified files: gnu/usr.bin/cvs/cvs Makefile Added files: gnu/usr.bin/cvs/cvs client.patch modules.patch Log: Patch vulnerabilities in the CVS client and server: A malicious CVS server could cause your CVS client to overwrite arbitrary files (CAN-2004-0180). When a CVS client uses the `-p' checkout option, the server could be fooled into checking out files from outside the given $CVSROOT. (This patch is applied in an unorthodox manner so as not to complicate a later vendor import of CVS.) Revision Changes Path 1.45 +10 -2 src/gnu/usr.bin/cvs/cvs/Makefile 1.1 +30 -0 src/gnu/usr.bin/cvs/cvs/client.patch (new) 1.1 +25 -0 src/gnu/usr.bin/cvs/cvs/modules.patch (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404141640.i3EGeoYL098205>