[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS 1.11.5 Released <strong>(Security Update)</strong>
From: |
Steve Roberts |
Subject: |
Re: CVS 1.11.5 Released <strong>(Security Update)</strong> |
Date: |
Tue, 21 Jan 2003 13:53:18 -0800 |
User-agent: |
Mutt/1.2.5i |
On Mon, Jan 20, 2003 at 04:55:52PM -0500, Derek Robert Price wrote:
> > < ...>
> The CVE data should show up soon. We were delaying update of the CVE
> site in order to make sure that a patch would be available before a
> general vulnerability announcement.
>
> Without going into too much detail, the vulnerability allows read-only
> CVS users to execute arbitrary code as the user the CVS server
> executable is running as.
>
> Again, the CVE site should be updated with more detail soon.
>
> Derek
any ETA on this? as of 21:46 GMT (2003-01-21) the CVE site still
has no details. the reports on the net have lotsof conflicting information
as to the extent of the exploit.
Regards,
Steven Roberts