vuln needs investigation and need a new form

Jesse Keating jkeating at j2solutions.net
Mon Jan 12 16:45:47 UTC 2004


So, I just saw this morning that RH issued an update for CVS, and in the 
information there was this line:

A flaw was found in versions of CVS prior to 1.11.10 where a malformed
module request could cause the CVS server to attempt to create files or
directories at the root level of the file system.  However, normal file
system permissions would prevent the creation of these misplaced
directories.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0977 to this issue.

Since RHL 8/7.x presumably have a CVS version that is prior to 1.11.10, 
we need to investigate and possibly backport the fix.  Any volunteers?

This brings me to my next point, should we have a standard form for 
requesting updates?  We've pretty much standardized the announcing 
updates (I'll upload a final version to the website today for final 
approval), but we should probably have something for requesting them as 
well.

Seth Vidal and I worked on a format for fedora-devel, so that could be 
modified for legacy use.  
http://linux.duke.edu/~skvidal/misc/fedora-request-template.txt

Until I get the time to revamp this, if anybody on the list would like 
to go through it and fix it up for legacy use, I'd appreciate it.
-- 
Jesse Keating RHCE MCSE (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
Mondo DevTeam           (www.mondorescue.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
 
Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating




