Bug 152715 - CVS security patches (CAN-2004-0180, CAN-2002-0844)
Status: CLOSED DUPLICATE
Product: Fedora Legacy
Classification: Retired
Component: Package request
unspecified
All Linux
medium Severity medium
Assigned To: Fedora Legacy Bugs
Reported: 2004-05-10 07:55 EDT by David Lawrence
Modified: 2008-05-01 11:38 EDT
Doc Type: Bug Fix
Description David Lawrence 2005-03-30 18:24:59 EST
I built 2 source RPMs for the actual security issues in the package CVS
(CAN-2004-0180, CAN-2002-0844); the patches are taken from RHEL.

Fixed in all RHELs and RH9:
https://rhn.redhat.com/errata/RHSA-2004-154.html
https://rhn.redhat.com/errata/RHSA-2004-153.html

Changelog in the RPM for Red Hat Linux 7.2 and 7.3:
- added 2 fixes from Derek Robert Price for client-trusts-server
  vulnerability in handling of filename paths (CAN-2004-0180)
- added patch for disallowing "CVS" as name of files or directories being
  imported, 1.11.2-to-1.11.14 maintain patch
- included fix for CAN-2002-0844, an off-by-one in sscanf call

http://labs.linuxnetz.de/~fedoralegacy/redhat-7.2/cvs-1.11.1p1-10.7.legacy.src.rpm
http://labs.linuxnetz.de/~fedoralegacy/redhat-7.2/cvs-1.11.1p1-10.7.legacy.src.rpm.asc


Changelog in the RPM for Red Hat Linux 8.0:
- added 2 fixes from Derek Robert Price for client-trusts-server
  vulnerability in handling of filename paths (CAN-2004-0180)
- added patch for disallowing "CVS" as name of files or directories being
  imported, 1.11.2-to-1.11.14 maintain patch

http://labs.linuxnetz.de/~fedoralegacy/redhat-8.0/cvs-1.11.2-10.legacy.src.rpm
http://labs.linuxnetz.de/~fedoralegacy/redhat-8.0/cvs-1.11.2-10.legacy.src.rpm.asc

Please test the RPMs... :)



------- Additional Comments From jkeating@j2solutions.net 2004-05-10 08:16:02 ----



*** This bug has been marked as a duplicate of 1485 ***



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:24 -------

This bug previously known as bug 1584 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1584
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P1. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity critical. Setting to default severity "normal".
The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here, dkl@redhat.com.
   Previous reporter was fedora-bugzilla@linuxnetz.de.
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

