cvs commit: src/contrib/cvs/src client.c modules.c
Jacques Vidrine
nectar at FreeBSD.org
Thu Apr 15 08:35:28 PDT 2004
nectar 2004/04/15 08:35:27 PDT
FreeBSD src repository
Modified files: (Branch: RELENG_4)
contrib/cvs/src client.c modules.c
Log:
MFC: Patch vulnerabilities in the CVS client and server:
A malicious CVS server could cause your CVS client to overwrite
arbitrary files (CAN-2004-0180).
When a CVS client uses the `-p' checkout option, the server could be
fooled into checking out files from outside the given $CVSROOT.
Submitted by: Derek Robert Price <derek at ximbiot.com>
Approved by: re
Revision Changes Path
1.2.2.7 +14 -1 src/contrib/cvs/src/client.c
1.1.1.5.2.4 +8 -0 src/contrib/cvs/src/modules.c
More information about the cvs-all
mailing list