Bug#: 53800
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Carsten Lohrke <carlo@gentoo.org>


Description:   Opened: 2004-06-13 06:26 0000
During a security audit of Chora a vulnerability within the diff viewing
functionality was discovered. This hole allows arbitrary shellcode injection.
Combined with PHP's file upload functionality this gives the opportunity to
upload arbitrary binaries and to execute them. (In default configurations)
Concurrent Versions System (CVS) is the dominant open-source version control
software that allows developers to access the latest code using a network
connection. 

http://security.e-matters.de/advisories/102004.html

------- Comment #1 From Kurt Lieber 2004-06-13 06:40:32 0000 -------
Mike -- can you please review/patch as needed?

------- Comment #2 From SpanKY 2004-06-13 10:47:15 0000 -------
1.2.1 removed from cvs and 1.2.2 added (stable on all arches)

------- Comment #3 From Thierry Carrez (RETIRED) 2004-06-14 09:19:53 0000 -------
GLSA ready

------- Comment #4 From Thierry Carrez (RETIRED) 2004-06-15 12:08:55 0000 -------
GLSA 200406-09
