Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4098 to the following vulnerability:

Name: CVE-2010-4098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4098
Assigned: 20101027
Reference: CONFIRM: http://www.monotone.ca/NEWS
Reference: BID:44383
Reference: URL: http://www.securityfocus.com/bid/44383
Reference: SECUNIA:41960
Reference: URL: http://secunia.com/advisories/41960
Reference: XF:monotone-commands-dos(62758)
Reference: URL: http://xforce.iss.net/xforce/xfdb/62758

monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service (crash) via an empty argument to the mtn command.

Fedora 13 and later have monotone 0.48.1, however Fedora 12 currently provides 0.45 and EPEL5 provides 0.42, so both of those versions require updates.
Created monotone tracking bugs for this issue

Affects: fedora-12 [bug 647303]
Affected are F-13, F-14, Rawhide and EPEL-6, all currently on 0.48. Working on those now. Neither F-12 nor EPEL-5 is affected, as the 'remote' and 'remote_stdio' commands were introduced in 0.46 (see http://www.monotone.ca/NEWS), so the bug only affects 0.46-0.48.
Updated packages in Rawhide and EPEL-6, submitted updates for F-13 and F14.
Sorry, I read my output wrong and thought F13+ were at 0.48.1 already (but they were at 0.48-1 instead). Thanks for catching that and submitting the appropriate updates.
Meanwhile, F13 and F14 updates have hit updates-stable, closing.
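
The 0.48-1 versus 0.48.1 mix-up in this thread comes from reading an RPM release number as part of the upstream version. As an added example (not part of the bug report or of the monotone project), the Python code below splits name-version-release strings and checks the upstream version against the affected range stated above (0.46 up to, but not including, 0.48.1); the package strings and function names are constructed for illustration.

```python
import re

# Range taken from the thread: 'remote'/'remote_stdio' arrived in 0.46,
# and the fix shipped in 0.48.1.
FIRST_AFFECTED = (0, 46)
FIRST_FIXED = (0, 48, 1)


def split_nvr(nvr):
    """Split an RPM name-version-release string into its three fields.

    Neither version nor release may contain '-', so splitting from the
    right is unambiguous even when the package name has hyphens.
    """
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def version_tuple(version):
    """Turn a dotted upstream version such as '0.48.1' into (0, 48, 1)."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unexpected version string: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_affected(nvr):
    """True if the upstream version lies in [0.46, 0.48.1).

    Only the version field is compared; the release field ('1.fc13')
    is the packager's build counter and says nothing about the fix.
    """
    _, version, _ = split_nvr(nvr)
    return FIRST_AFFECTED <= version_tuple(version) < FIRST_FIXED


# Constructed sample package strings (not real query output).
SAMPLES = [
    "monotone-0.42-1.el5",     # predates the remote commands
    "monotone-0.45-2.fc12",    # predates the remote commands
    "monotone-0.48-1.fc13",    # version 0.48, release 1: affected
    "monotone-0.48.1-1.fc13",  # version 0.48.1, release 1: fixed
]

if __name__ == "__main__":
    for nvr in SAMPLES:
        state = "AFFECTED" if is_affected(nvr) else "not affected"
        print(f"{nvr:28} {state}")
```
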