cvs commit: src/gnu/usr.bin/cvs/cvs Makefile client.patch modules.patch
Jacques Vidrine
nectar at FreeBSD.org
Wed Apr 14 09:40:50 PDT 2004
nectar 2004/04/14 09:40:50 PDT
FreeBSD src repository
Modified files:
  gnu/usr.bin/cvs/cvs  Makefile
Added files:
  gnu/usr.bin/cvs/cvs  client.patch modules.patch
Log:
Patch vulnerabilities in the CVS client and server:

A malicious CVS server could cause your CVS client to overwrite
arbitrary files (CAN-2004-0180).

When a CVS client uses the `-p' checkout option, the server could be
fooled into checking out files from outside the given $CVSROOT.

(This patch is applied in an unorthodox manner so as not to complicate
a later vendor import of CVS.)

Revision  Changes    Path
1.45      +10 -2     src/gnu/usr.bin/cvs/cvs/Makefile
1.1       +30 -0     src/gnu/usr.bin/cvs/cvs/client.patch (new)
1.1       +25 -0     src/gnu/usr.bin/cvs/cvs/modules.patch (new)