Package: cvs
Version: 1:1.12.9-11
Severity: important

As reported at http://www.securityfocus.com/bid/13217 there are
"Unspecified Buffer Overflow And Memory Access Vulnerabilities".
Not too many details available at the moment. The above web page says:

> CVS is prone to unspecified buffer overflow, memory access
> vulnerabilities, and a NULL pointer dereference denial of service.
> It is conjectured that the issues may be leveraged by a remote
> authenticated user to disclose regions of the CVS process memory, and
> to corrupt CVS process memory. The two issues combined may lead to a
> remote attacker reliably executing arbitrary code in the context of
> the vulnerable process, although this is not confirmed.
> This BID will be updated as soon as further information is made
> available.

It also lists versions of cvs from 1.11.5 to 1.11.19 and 1.12.1 to
1.12.11 as vulnerable. This may mean that woody (1.11.1) is clean.
Fedora, FreeBSD, Gentoo, and others have released advisories. I think
Gentoo have patches with their bug reports, but I'm not sure that
they've got all the patches, or what version they patch against.

Geoff Crompton

