Bug 111221 - CAN-2003-0977 cvs file creation vulnerability
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: cvs
Version: 1
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Nalin Dahyabhai
QA Contact: Ben Levenson
Keywords: Security

Reported: 2003-11-30 10:14 EST by Ville Skyttä
Modified: 2014-01-21 17:48 EST
Doc Type: Bug Fix
Last Closed: 2004-01-13 15:18:23 EST
Description Ville Skyttä 2003-11-30 10:14:40 EST
FYI: I have updated the FC1 cvs rpm to 1.11.9, rediffing all
applicable patches and making it tolerate --excludedocs installs.

The updated SRPM can be found at
http://cachalot.mine.nu/1/SRPMS.fdr/cvs-1.11.9-0.fdr.2.src.rpm
Comment 1 Ville Skyttä 2003-12-14 14:10:26 EST
cvs 1.11.10, a security update, is out.  Upgraded package available:
http://cachalot.mine.nu/1/SRPMS.fdr/cvs-1.11.10-0.fdr.1.src.rpm

Please consider applying this to FC1 and possibly earlier RH versions.
I believe my package could be used as-is except for changing the
0.fdr.X Release tag to 1.
Comment 2 Seth Vidal 2003-12-31 00:41:57 EST
looks like this one:
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=88

is also an issue.

Comment 3 Ville Skyttä 2003-12-31 03:17:35 EST
Update to 1.11.11:
http://cachalot.mine.nu/1/SRPMS.fdr/cvs-1.11.11-0.fdr.1.src.rpm
Comment 4 Ville Skyttä 2004-01-13 15:18:23 EST
Well, I see there is an update in core/development so I'm pulling my
package.

I find the complete lack of comments in this issue somewhat disturbing
though.  An issue with security severity has sat in Bugzilla for a
month now, no comments.  In the future, could you please comment on
Bugzilla entries like this in order to make it easier for people to
avoid unnecessary work?
Comment 5 Peter E. Popovich 2004-03-03 12:14:17 EST
redhat released an update for RH9, but not for FC1. as such, it's not
clear to me why this ticket is closed.
