I built 2 source RPMs for the actual security issues in the package CVS (CAN-2004-0180, CAN-2002-0844), the patches are taken from RHEL. Fixed in all RHELs and RH9:

https://rhn.redhat.com/errata/RHSA-2004-154.html
https://rhn.redhat.com/errata/RHSA-2004-153.html

Changelog in the RPM for Red Hat Linux 7.2 and 7.3:

- added 2 fixes from Derek Robert Price for client-trusts-server vulnerability in handling of filename paths (CAN-2004-0180)
- added patch for disallowing "CVS" as name of files or directories being imported, 1.11.2-to-1.11.14 maintain patch
- included fix for CAN-2002-0844, an off-by-one in sscanf call

http://labs.linuxnetz.de/~fedoralegacy/redhat-7.2/cvs-1.11.1p1-10.7.legacy.src.rpm
http://labs.linuxnetz.de/~fedoralegacy/redhat-7.2/cvs-1.11.1p1-10.7.legacy.src.rpm.asc

Changelog in the RPM for Red Hat Linux 8.0:

- added 2 fixes from Derek Robert Price for client-trusts-server vulnerability in handling of filename paths (CAN-2004-0180)
- added patch for disallowing "CVS" as name of files or directories being imported, 1.11.2-to-1.11.14 maintain patch

http://labs.linuxnetz.de/~fedoralegacy/redhat-8.0/cvs-1.11.2-10.legacy.src.rpm
http://labs.linuxnetz.de/~fedoralegacy/redhat-8.0/cvs-1.11.2-10.legacy.src.rpm.asc

Please test the RPMs... :)

------- Additional Comments From jkeating 2004-05-10 08:16:02 -------

*** This bug has been marked as a duplicate of 1485 ***

------- Bug moved to this database by dkl 2005-03-30 18:24 -------

This bug previously known as bug 1584 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1584
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P1. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity critical. Setting to default severity "normal".

The original reporter of this bug does not have an account here. Reassigning to the person who moved it here, dkl. Previous reporter was fedora-bugzilla.

Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.