Fedora Legacy Test Update Notification: cvs

Jesse Keating jkeating at j2solutions.net
Sat Jan 24 09:21:11 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORA-2004-1207
2004-01-24
- ---------------------------------------------------------------------
 
Name        : cvs
Version 7.2 : 1.11.1p1-9.7.legacy
Version 7.3 : 1.11.1p1-9.7.legacy
Version 7.2 : 1.11.2-9.legacy
Summary     : A version control system.
Description :
CVS (Concurrent Version System) is a version control system that can
record the history of your files (usually, but not always, source
code). CVS only stores the differences between versions, instead of
every version of every file you have ever created. CVS also keeps a log
of who, when, and why changes occurred.
 
CVS is very helpful for managing releases and controlling the
concurrent editing of source files among multiple authors. Instead of
providing version control for a collection of files in a single
directory, CVS provides version control for a hierarchical collection
of directories consisting of revision controlled files. These
directories and files can then be combined together to form a software
release.
 
- ---------------------------------------------------------------------
Update Information:
 
CAN-2003-0977:
CVS server before 1.11.10 may allow attackers to cause the CVS server to 
create directories and files in the file system root directory via 
malformed module requests.
 
2003-12-18: Stable CVS Version 1.11.11 Released! (security update)
 
Contributed by: Derek Price
 
Stable CVS 1.11.11 has been released. Stable releases contain only bug 
fixes from previous versions of CVS. This release adds code to the CVS 
server to prevent it from continuing as root after a user login, as an 
extra failsafe against a compromise of the CVSROOT/passwd file. 
Previously, any user with the ability to write the CVSROOT/passwd file 
could execute arbitrary code as the root user on systems with CVS pserver 
access enabled. We recommend this upgrade for all CVS servers!

- ---------------------------------------------------------------------
Changelog:

* Mon Jan 12 2004 Jason Rohwedder <rohwedde at codegrinder.com> 1.11.1p1-9.7.legacy
 
- - applied cvs-1.11.9-absolute-modules.patch
- - to make Seth's previous changelog true :)
- - He actually patched
- - http://ccvs.cvshome.org/servlets/NewsItemView?newsID=88
 
* Mon Jan 12 2004 Seth Vidal <skvidal at phy.duke.edu>
 
- - apply security patch for CAN-2003-0977
 
* Tue Dec 30 2003 Seth Vidal <skvidal at phy.duke.edu> 1.11.1p1-8.7.duke.1
 
- - apply security patch for: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977
- - second patch to make the above build
 
- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
46da2ca673b3af8a08eab8b1d4322e0d6a9d08ad  7.2/updates-testing/SRPMS/cvs-1.11.1p1-9.7.legacy.src.rpm
469e08276fd61a06f816d4d7df68bc6c85a98560  7.2/updates-testing/i386/cvs-1.11.1p1-9.7.legacy.i386.rpm

46da2ca673b3af8a08eab8b1d4322e0d6a9d08ad  7.3/updates-testing/SRPMS/cvs-1.11.1p1-9.7.legacy.src.rpm
1dfba0ce740a20bd0977eede82f606ea2f907b00  7.3/updates-testing/i386/cvs-1.11.1p1-9.7.legacy.i386.rpm
 
31e98f14255c132d3f548a51096b0c444a45797a  8.0/updates-testing/SRPMS/cvs-1.11.2-9.legacy.src.rpm
e415df08fdfd35216c68651aa5214e7ecdb04268  8.0/updates-testing/i386/cvs-1.11.2-9.legacy.i386.rpm
 
Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.  This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content.  Please visit
http://www.fedoralegacy.org/download for directions on how to configure
yum and apt-get.
- ---------------------------------------------------------------------

Please test and comment.

- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
Mondo DevTeam		(www.mondorescue.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAEjkN4v2HLvE71NURAiFHAJ91TtcDliZTgLkVp5ZAQcVGJXU54gCfRgsQ
CcxdIc3lZNe4NY7cA/68cYY=
=m7BJ
-----END PGP SIGNATURE-----
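
An added example, not part of the advisory and not the CVS patch itself: the kind of server-side check that keeps a client-supplied module name inside the repository root. It assumes the "malformed module requests" of CAN-2003-0977 are module names given as absolute paths, as the name of cvs-1.11.9-absolute-modules.patch suggests; the function name `module_name_is_safe` and the additional `..` component check are this example's own and go beyond what the advisory states.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from CVS): returns true only when `module`
 * is a non-empty relative path that cannot resolve outside the
 * repository root it will later be joined to. */
bool module_name_is_safe(const char *module)
{
    if (module == NULL || module[0] == '\0')
        return false;
    if (module[0] == '/')              /* absolute path: refuse outright */
        return false;

    const char *p = module;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");  /* length of the current component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;              /* ".." would climb out of the root */
        p += len;
        while (*p == '/')              /* skip separators, tolerate "a//b" */
            p++;
    }
    return true;
}

/* Constructed sample requests, not taken from any real server log. */
static const char *const samples[] = {
    "project/src", "/etc", "../outside", "project/../../x",
    "a//b", "..hidden", ""
};

int main(void)
{
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s %s\n",
               samples[i][0] ? samples[i] : "(empty)",
               module_name_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The check is applied to the name as received, before it is concatenated with the repository path, so a rejected request never reaches any code that creates directories.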




