Remote DoS and other issues are reported.
Created attachment 54351: cvs-1.11.18-kclockwork.patch
Created attachment 54352: cvs-1.12.11-klocwork.patch
cvs-1.11.18-kclockwork.patch should be renamed to klocwork vs kclockwork
Created attachment 54354: cvs-1.12.11-r1.ebuild
Created attachment 54355: cvs-1.11.18-r1.ebuild
Please test and report results back on this bug. Do NOT commit anything yet. Calling specific testers as this bug is still not open. If anyone is not able to do it soon, please point at another tester from your arch team: alpha -> kloeri, amd64 -> blubb, ppc -> SeJo, ppc64 -> corsair, sparc -> gustavoz, x86 -> tester. Also note that we have no maintainer for this package atm.
Btw, is it pserver related, client/server? What parts need testing? I haven't found any problem on x86 in my basic general testing.
AFAICT it's various null dereference fixes and mostly a buffer overflow in rcs.c when asking for a strange version or author. So general testing should be sufficient?
looks good on ppc64.
sparc looks good too.
too busy at the moment, sorry. have fun, kugelfang :)
We patched up lark on the 24th, for those of you wondering about our own cvs server, using cvs-1.11.18-r1 (that will be the initial desired stable one). If I'm not mistaken, upstream has these fixes in cvs already and the comments in the log note the problems. https://ccvs.cvshome.org/servlets/NewsItemView?newsItemID=133 1.11.19 should fix this (and we could almost push that to stable asap).
Alpha is good.
both look good on ppc
fine on amd64 :-) sorry for the delay
All supported arches reported it stable, waiting for disclosure date to commit it directly with KEYWORDS="x86 ppc sparc ~mips alpha ~arm ~hppa amd64 ~ia64 ppc64 ~s390".
Disclosure date passed with no advisories. New disclosure date unknown. Solar, judging from CVS Changelog entries for 2005-03-17, some of the initial issues reported are not fixed in kclockwork patch but in the public CVS tree. https://ccvs.cvshome.org/source/browse/ccvs/src/ChangeLog?rev=1.3170&content-type=text/vnd.viewcvs-markup
Pylon, please advise on comment #17.
Pylon, when you're at it, please also take a look at the following bug: https://ccvs.cvshome.org/issues/show_bug.cgi?id=224
Use CAN-2005-0753 for the buffer overflow issue.
This is public with SUSE-SA:2005:024. Solar/vapier/Pylon, please commit.
Thx to tigger we now have the fixed ebuild in Portage. GLSA 200504-16 released. mips, arm, hppa, ia64, s390: please remember to mark stable to benefit from GLSA.
Handling remaining DoS issues from comment #17 and comment #19 on bug #89579.
Already a newer version stable on hppa.
cvs-1.11.20 stable on mips.