Re: CVS 1.11.5 Released (Security Update)
From: Billy O'Connor
Subject: Re: CVS 1.11.5 Released (Security Update)
Date: Mon, 20 Jan 2003 22:35:06 GMT
User-agent: Gnus/5.090013 (Oort Gnus v0.13) Emacs/21.3.50 (i686-pc-linux-gnu)

"Shankar Unni" <shankar@cotagesoft.com> writes:
>> CVS 1.11.5 has been released. This release fixes a major security
>> vulnerability in CVS. The Common Vulnerabilities and Exposures project
>> (cve.mitre.org <http://cve.mitre.org>) has assigned the name
>> CAN-2003-0015 to this issue. See the text of CAN-2003-0015
>> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015> for more
>> information.
>
> Looks like someone's marked the CVE entry as "reserved", so we have no
> idea what this is about. There are literally 0 details on the CVE site,
> except the candidate number (not even a one-line description or the
> product affected).
>
> Someone care to at least summarize what the vulnerability is?
>
>
>
Users with read only access could gain write access. There was
mention of a potential double free also. That's what I got from
diffing 1.11.4 and 1.11.5.
--
Billy O'Connor
Editor, Beyond Linux From Scratch http://beyond.linuxfromscratch.org
"Free software never simply picks up its marbles and goes home."
- Jonathan Corbet, LWN