[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: SECURITY BUG in CVS 1.11.1
From: |
Douglas Finkle |
Subject: |
RE: SECURITY BUG in CVS 1.11.1 |
Date: |
Tue, 12 Feb 2002 15:06:30 -0500 |
> It has been brought to my attention that CVS 1.11.1 and
> 1.11.1p1 have a
> bug in pserver mode that allows read-only users to run the "tag"
> command. This allows read-only users to add and, more
> importantly, move
> or delete tags. The bug does not affect releases prior to 1.11.1 and
> has been fixed in the current development version. Anyone with a
> publicly-accessible pserver (or clumsy users) is urged to upgrade
> immediately.
Sorry, but can you provide a reference url, or ftp path for this update?
I checked out on http://ccvs.cvshome.org/servlets/ProjectDownloadList
and the last version posted was v1.11p1 on 2001-10-16.
Thanks,
Doug