Application: CVS feature release <= 1.12.7
             CVS stable release <= 1.11.15
Severity: A vulnerability within CVS allows remote compromise of CVS servers.
Risk: Critical
Reference: http://security.e-matters.de/advisories/072004.html
CVE Information: CAN-2004-0396
Workaround: Upstream vendor has supposedly released a patched version.
Fix in 1.11.16. scandium: could you please bump to that version? Thanks
cvs-1.11.16 is in the tree now, but still ~ on all archs besides x86.
Architecture people, please mark cvs-1.11.16 stable as soon as possible, thank you.
Marked stable on hppa.
sparc, mips done
Stable on alpha.
Stable on amd64
Stable on ppc. Our very own cvs-server already got updated, too.
Ready for a GLSA
GLSA drafted
GLSA 200405-12
Stable on s390
missed ppc64 :)
It is still not stable on ia64, ppc64 and arm. Would be nice if those people could look at it and mark >=1.11.16 stable.
stable on ppc64
ppc64 stabled by tgall
arm stabled by vapier
ia64 still missing :(
stable on ia64 by agriffis
We might want to hold off on the GLSA on this one. More vulns were found in cvs; see bug #53408
solar, the GLSA for this has already been sent out on May 20th. (glsa-200405-12)