Package: cvs Version: 1:1.12.9-11 Severity: grave Tags: security Justification: user security hole
CVS 1.12.12 fixes several security issues: * Thanks to a report from Alen Zukich <[EMAIL PROTECTED]>, several minor security issues have been addressed. One was a buffer overflow that is potentially serious but which may not be exploitable, assigned CAN-2005-0753 by the Common Vulnerabilities and Exposures Project <[41]http://www.cve.mitre.org>. Other fixes resulting from Alen's report include repair of an arbitrary free with no known exploit and several plugged memory leaks and potentially freed NULL pointers which may have been exploitable for a denial of service attack. * Thanks to a report from Craig Monson <[EMAIL PROTECTED]>, minor potential vulnerabilities in the contributed Perl scripts have been fixed. The confirmed vulnerability could allow the execution of arbitrary code on the CVS server, but only if a user already had commit access and if one of the contrib scripts was installed improperly, a condition which should have been quickly visible to any administrator. The complete description of the problem is here: <https://ccvs.cvshome.org/issues/show_bug.cgi?id=224>. If you were making use of any of the contributed trigger scripts on a CVS server, you should probably still replace them with the new versions, to be on the safe side. Unfortunately, our fix is incomplete. Taint-checking has been enabled in all the contributed Perl scripts intended to be run as trigger scripts, but no attempt has been made to ensure that they still run in taint mode. You will most likely have to tweak the scripts in some way to make them run. Please send any patches you find necessary back to <[EMAIL PROTECTED]> so that we may again ship fully enabled scripts in the future. You should also make sure that any home-grown Perl scripts that you might have installed as CVS triggers also have taint-checking enabled. This can be done by adding `-T' on the scripts' #! lines. Please try running `perldoc perlsec' if you would like more information on general Perl security and taint-checking. Cheers, Moritz -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages cvs depends on: ii debconf 1.4.48 Debian configuration management sy ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libpam-runtime 0.76-22 Runtime support for the PAM librar ii libpam0g 0.76-22 Pluggable Authentication Modules l ii zlib1g 1:1.2.2-4 compression library - runtime -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
