Application: CVS feature release <= 1.12.7
CVS stable release <= 1.11.15
Severity: A vulnerability within CVS allows remote compromise of CVS servers.
CVE Information: CAN-2004-0396
Workaround: Upstream vendor has supposedly released a patched version.
Fix in 1.11.16
scandium: could you please bump to that version? Thanks
cvs-1.11.16 is in the tree now, but still ~ on all archs besides x86.
Architecture people, please mark cvs-1.11.16 stable as soon as possible, thank you.
Marked stable on hppa.
sparc, mips done
Stable on alpha.
Stable on amd64
Stable on ppc.
Our very own cvs-server has already been updated, too.
Ready for a GLSA
Stable on s390
missed ppc64 :)
It is still not stable on ia64, ppc64 and arm.
Would be nice if those people could look at it and mark >=1.11.16 stable
stable on ppc64
ppc64 stabled by tgall
arm stabled by vapier
ia64 still missing :(
stable on ia64 by agriffis
We might want to hold off on the GLSA on this one. More vulns were found in cvs; see bug #53408.
solar, the GLSA for this has already been sent out on May 20th.