Contributed by jose on from the chunk-already-free dept.
"006: SECURITY FIX: January 20, 2003 A double free in cvs(1) could allow an attacker to execute code with the privileges of the user running CVS. This is only an issue when the cvs command is being run on a user's behalf as a different user. This means that, in most cases, the issue only exists for CVS configurations that use the pserver client/server connection method. A source code patch exists which remedies the problem."

The original advisory states the problem quite clearly, and this morning I noticed that patch006 is available which fixes the problem. Instructions on how to apply the patch and rebuild your cvs(1) installation are included in the patch.