Bug#: 51460
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Nilanjan De <n2n@front.ru>
Description:   Opened: 2004-05-19 08:50 0000
Application:	CVS feature release <= 1.12.7
CVS stable release <= 1.11.15
Severity:	A vulnerability within CVS allows remote compromise of CVS servers.
Risk:	Critical
Reference:	http://security.e-matters.de/advisories/072004.html
CVE Information: CAN-2004-0396

Workaround: Upstream vendor has supposedly released a patched version.

------- Comment #1 From Thierry Carrez (RETIRED) 2004-05-19 08:56:16 0000 -------
Fix in 1.11.16
scandium: could you please bump to that version? Thanks

------- Comment #2 From Rainer Größlinger 2004-05-19 09:35:20 0000 -------
cvs-1.11.16 is in the tree now, but still ~ on all archs besides x86.

------- Comment #3 From Rainer Größlinger 2004-05-19 09:40:28 0000 -------
Architecture people, please mark cvs-1.11.16 stable as soon as possible, thank
you.

------- Comment #4 From Guy Martin 2004-05-19 10:33:08 0000 -------
Marked stable on hppa.

------- Comment #5 From Ciaran McCreesh 2004-05-19 12:57:21 0000 -------
sparc, mips done

------- Comment #6 From Bryan Østergaard (RETIRED) 2004-05-19 13:04:43 0000 -------
Stable on alpha.

------- Comment #7 From Jon Portnoy (RETIRED) 2004-05-19 13:22:58 0000 -------
Stable on amd64

------- Comment #8 From Lars Weiler (RETIRED) 2004-05-19 14:21:12 0000 -------
Stable on ppc.

Our very own cvs-server has already been updated, too.

------- Comment #9 From Thierry Carrez (RETIRED) 2004-05-19 14:23:21 0000 -------
Ready for a GLSA

------- Comment #10 From Thierry Carrez (RETIRED) 2004-05-20 10:01:03 0000 -------
GLSA drafted

------- Comment #11 From Thierry Carrez (RETIRED) 2004-05-20 11:41:03 0000 -------
GLSA 200405-12

------- Comment #12 From Michael McCabe (RETIRED) 2004-05-20 18:03:51 0000 -------
Stable on s390

------- Comment #13 From Rainer Größlinger 2004-05-21 05:00:24 0000 -------
missed ppc64 :)

------- Comment #14 From Rainer Größlinger 2004-06-02 14:17:07 0000 -------
It is still not stable on ia64, ppc64 and arm.

Would be nice if those people could look at it and mark >=1.11.16 stable

------- Comment #15 From Tom Gall 2004-06-02 18:46:41 0000 -------
stable on ppc64

------- Comment #16 From Rainer Größlinger 2004-06-07 16:02:26 0000 -------
ppc64 stabled by tgall
arm stabled by vapier

ia64 still missing :(

------- Comment #17 From Rainer Größlinger 2004-06-09 08:15:33 0000 -------
stable on ia64 by agriffis

------- Comment #18 From solar 2004-06-09 10:22:50 0000 -------
We might want to hold off on the GLSA on this one. More vulns were found in cvs
see bug #53408

------- Comment #19 From Rainer Größlinger 2004-06-09 10:26:42 0000 -------
solar, the GLSA for this has already been sent out on May 20th.
(glsa-200405-12)
