Date: Wed, 14 Apr 2004 09:40:50 -0700 (PDT) From: Jacques Vidrine <nectar@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/gnu/usr.bin/cvs/cvs Makefile client.patch modules.patch Message-ID: <200404141640.i3EGeoYL098205@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
nectar 2004/04/14 09:40:50 PDT
FreeBSD src repository
Modified files:
gnu/usr.bin/cvs/cvs Makefile
Added files:
gnu/usr.bin/cvs/cvs client.patch modules.patch
Log:
Patch vulnerabilities in the CVS client and server:
A malicious CVS server could cause your CVS client to overwrite
arbitrary files (CAN-2004-0180).
When a CVS client uses the `-p' checkout option, the server could be
fooled into checking out files from outside the given $CVSROOT.
(This patch is applied in an unorthodox manner so as not to complicate
a later vendor import of CVS.)
Revision Changes Path
1.45 +10 -2 src/gnu/usr.bin/cvs/cvs/Makefile
1.1 +30 -0 src/gnu/usr.bin/cvs/cvs/client.patch (new)
1.1 +25 -0 src/gnu/usr.bin/cvs/cvs/modules.patch (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404141640.i3EGeoYL098205>