Date: Fri, 31 May 2002 09:20:03 -0700 (PDT) From: Alex Dupre <sysadmin@alexdupre.com> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/38765: CVS Daemon Vulnerability in 1.11.1p1 Message-ID: <200205311620.g4VGK3R46527@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/38765; it has been noted by GNATS. From: Alex Dupre <sysadmin@alexdupre.com> To: Makoto Matsushita <matusita@jp.FreeBSD.org> Cc: bug-followup@FreeBSD.org Subject: Re: bin/38765: CVS Daemon Vulnerability in 1.11.1p1 Date: Fri, 31 May 2002 18:15:49 +0200 Makoto Matsushita wrote: > Is this bug fixed *really* in cvs-1.11.2? How did you confirm that? > > According to http://ccvs.cvshome.org/source/browse/ccvs/src/rcs.c, rev > 1.259 is the fix. However, this change is occured *after* 1.11.2 was > released. And, cvs-1.11.1 doesn't have this code. Sorry if I'm wrong. Nope, you are right. I thought it was fixed in 1.11.2, as reported by securityfocus (http://online.securityfocus.com/bid/4829/solution/). But the truth is that it's been fixed later, after the release. So it's not enough to update to the latest release. -- Alex Dupre sysadmin@alexdupre.com http://www.alexdupre.com/ alex@sm.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205311620.g4VGK3R46527>