130038 – CAN-2004-0778 CVS information disclosure

Bug 130038 - CAN-2004-0778 CVS information disclosure

Summary: CAN-2004-0778 CVS information disclosure

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	cvs
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Eido Inoue
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-08-16 18:33 UTC by Josh Bressers
Modified:	2007-11-30 22:07 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-08-17 08:56:50 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Josh Bressers 2004-08-16 18:33:33 UTC

iDEFENSE has discovered an information disclosure issue with the cvs
'history' command.

More information here:
http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities&flashstatus=true

This issue should also affect RHEL2.1

Comment 1 Mark J. Cox 2004-08-17 08:56:50 UTC

https://ccvs.cvshome.org/source/browse/ccvs/src/history.c?r1=1.73&r2=1.74

This issue was actually fixed by the Krahmer/Esser backported patches
included in our last security update on June9th.  Therefore Red Hat
Enterprise Linux is not vulnerable to this issue.

Note You need to log in before you can comment on or make changes to this bug.