cvs commit: src/gnu/usr.bin/cvs/cvs Makefile client.patch modules.patch

Jacques Vidrine nectar at
Wed Apr 14 09:40:50 PDT 2004

nectar      2004/04/14 09:40:50 PDT

  FreeBSD src repository

  Modified files:
    gnu/usr.bin/cvs/cvs  Makefile 
  Added files:
    gnu/usr.bin/cvs/cvs  client.patch modules.patch 
  Patch vulnerabilities in the CVS client and server:
    A malicious CVS server could cause your CVS client to overwrite
    arbitrary files (CAN-2004-0180).
    When a CVS client uses the `-p' checkout option, the server could be
    fooled into checking out files from outside the given $CVSROOT.
  (This patch is applied in an unorthodox manner so as not to complicate
   a later vendor import of CVS.)
  Revision  Changes    Path
  1.45      +10 -2     src/gnu/usr.bin/cvs/cvs/Makefile
  1.1       +30 -0     src/gnu/usr.bin/cvs/cvs/client.patch (new)
  1.1       +25 -0     src/gnu/usr.bin/cvs/cvs/modules.patch (new)

More information about the cvs-src mailing list