Package: gcvs
Severity: normal
Tags: security

Gcvs, since it uses the CVS sources, is missing patches for some security issues, such as CAN-2005-0753. Even though the program itself might not be vulnerable to the remote buffer overflow, it might be appropriate to fix them since the fixes include some NULL pointer dereferences and such that might lead to core dumps. That's why I'm listing this bug as normal and not of higher priority.

In view of this, the following claim in the debian/control is not true:

- Uses the latest CVS source code

At the same time, you might want to consider the recommendations I made in #325109, quoting from there:

"OWL, a security oriented distribution, ships a number of patches for CVS that might be interesting to review and apply, if they do apply, check out http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/cvs/2

Regards

Javier

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753