Red Hat Bugzilla – Bug 111221
CAN-2003-0977 cvs file creation vulnerability
Last modified: 2014-01-21 17:48:44 EST
FYI: I have updated the FC1 cvs rpm to 1.11.9, rediffing all
applicable patches and making it tolerate --excludedocs installs.
The updated SRPM can be found at
cvs 1.11.10, a security update, is out. Upgraded package available:
Please consider applying this to FC1 and possibly earlier RH versions.
I believe my package could be used as-is except for changing the
0.fdr.X Release tag to 1.
looks like this one:
is also an issue.
Update to 1.11.11:
Well, I see there is an update in core/development so I'm pulling my
I find the complete lack of comments in this issue somewhat disturbing
though. An issue with security severity has sat in Bugzilla for a
month now, no comments. In the future, could you please comment on
Bugzilla entries like this in order to make it easier for people to
avoid unnecessary work?
redhat released an update for RH9, but not for FC1. as such, it's not
clear to me why this ticket is closed.