Patch 001 for OpenBSD 3.7

Contributed by grey on 2005-06-10 from the getting back to a slow start dept.

Thanks to Ryan Patterson for writing in with the following:

I noticed this during my morning romp...

"001: SECURITY FIX: June 7, 2005 All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in cvs(1) . None of these issues are known to be exploitable. CAN-2005-0753 ." A source code patch exists which remedies this problem.

Be sure to check http://www.openbsd.org/errata.html as always.

(Comments are closed)

Comments

By Bas Keur (213.84.93.41) bas.keur@dmrt.net on 2005-06-10 19:24 http://www.dmrt.net

Patch for 3.7
Patch for 3.6
Patch for 3.5
By Anonymous Coward (134.58.253.131) on 2005-06-10 22:37

hehe, a bug in gnu cvs...

Soon we won't need to bother with that anymore... can't wait for opencvs :-)
Comments
1. By almeida (66.31.180.15) on 2005-06-11 03:00
  
  Any idea how much more development OpenCVS needs before it replaces the existing CVS?
  Comments
  1. By miguel (193.147.239.254) on 2005-06-11 07:27
    
    Not sure about the time, but by the moment, there is no code available :P
    
    Comments
    
    By Matthias Kilian (84.134.5.239) on 2005-06-11 08:11
    
    It's in CVS (/usr/src/usr.bin/cvs), but I don't know how usable it is yet.
    
    Comments
    
    By joris@ (213.224.72.181) on 2005-06-11 12:27
    
    the client side is pretty usable, although there might still
    be some bugs left, some commands are not supported yet.
    
    about the server side, i have a diff to get it going, hopefully
    that will go in soon. after that we need to finish the local
    command stuff, since the server relies on that.
    
    feel free to start testing opencvs, and give us feedback about
    what is missing or what bugs you encounter and how we can reproduce
    them, so we can fix them.
2. By Anonymous Coward (193.167.6.71) on 2005-06-11 14:32
  
  How do you know that one doesn't have buffer overflows aswell. A language with automatic bounds checking please.
  Comments
  1. By Bert (68.100.43.184) blambert at thepresidency dot org on 2005-06-11 15:33
    
    While you're at it, would you like a pony too?
  2. By m0rf (68.104.57.241) on 2005-06-11 19:15
    
    oh you mean a language written in C or written in a language written in C?
    
    Comments
    
    By Anonymous Coward (68.202.41.228) on 2005-06-11 20:20
    
    Which is harder to validate -- a small chunk of C code that implements bounds checking for some other language X, or an infinite number of C programs which all may access arrays incorrectly? Your argument is equivalent to saying that since compilers have bugs we all might as well write in assembly. Progress is made by building more and more sophisticated tools, not by giving up because making something complex is hard.
    
    Comments
    
    By Anonymous Coward (68.145.40.99) on 2005-06-12 00:35
    
    So, coding in C is hard... that's why we don't give up. :-)
  3. By Anonymous Coward (66.44.2.219) on 2005-06-13 02:03
    
    Yes, time to rewrite OpenBSD in Java! </sarcasm>
    
    Comments
    
    By Anonymous Coward (143.129.75.52) on 2005-06-13 15:08
    
    I vote for Python!
By gabriel (200.212.63.10) on 2005-06-15 21:43

how those kind of "bugs" still manage to get trhu with today compilers and tools?

Latest Articles

Wed, Apr 24
- 04:35 Game of Trees 0.98 released (0)
Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (12)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]