Re: cvs version 1.11.10 import? [security fix]

• Previous message: Mark Murray: "Re: s/key authentication for Apache on FreeBSD?"
• In reply to: Colin Percival: "Re: cvs version 1.11.10 import? [security fix]"
• Next in thread: Colin Percival: "Re: cvs version 1.11.10 import? [security fix]"
• Reply: Colin Percival: "Re: cvs version 1.11.10 import? [security fix]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 15 Dec 2003 10:46:39 -0500
To: Colin Percival <colin.percival@wadham.ox.ac.uk>, <freebsd-security@freebsd.org>

Hi, did you ever find out if this security issue does effect FreeBSD ?

         ---Mike

At 08:14 PM 10/12/2003, Colin Percival wrote:
>At 09:08 11/12/2003 +0800, =?gb2312?B?WGluIExJL8Du9s4=?= wrote:
>>Will this affect FreeBSD's version 1.11.5 cvs, too? If so, is it possible to
>>import the 1.11.10 before 5.2-RELEASE is released? Thanks!
>
> If it affects FreeBSD, I'm sure the new version will be imported before
>5.2-RELEASE escapes. The release engineering and security teams talk to
>each other occasionally, and especially prior to releases. :)
>
>Colin Percival
>
>
>_______________________________________________
>freebsd-security@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Mark Murray: "Re: s/key authentication for Apache on FreeBSD?"
• In reply to: Colin Percival: "Re: cvs version 1.11.10 import? [security fix]"
• Next in thread: Colin Percival: "Re: cvs version 1.11.10 import? [security fix]"
• Reply: Colin Percival: "Re: cvs version 1.11.10 import? [security fix]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: cvs version 1.11.10 import? [security fix] ... did you ever find out if this security issue does effect FreeBSD? ... the relevant patch from CVS's CVS tree and included it below. ... retrieving revision 1.21 ... (FreeBSD-Security) Re: CVS woes: .cvspass ... > in CVS. ... I suppose You're talking about UID/GID based security. ... guarantee any security whatsoever for a CVS repository using CVSpserver ... IPsec can only be used to protect virtual circuts that might happen to ... (Bugtraq) Re: CVS woes: .cvspass ... > Nope, sorry, but that's just not possible, at least not with CVS pserver. ... > The unix security model, within which CVS is designed and implemented to ... But also 1.11 did setuid etc before doing CVS operations. ... (Bugtraq) [Full-Disclosure] [FLSA-2004:1735] Updated cvs packages fix security vulnerabilities ... Updated cvs packages that fix a security vulnerabilities are now ... CVS is a version control system frequently used to manage source code ... Users of CVS are advised to upgrade to this updated package, ... where is a list of the RPMs you wish to upgrade. ... (Full-Disclosure) Re: CVS woes: .cvspass ... It's not possible to "secure" CVSpserver using IPsec. ... CVS and the Unixsystems it runs upon. ... use host-level security techniques and assume their virtual circuits are ... identities for every individual human user. ... (Bugtraq)