Request to upgrade cvs in FreeBSD [New stable cvs release fixing new vulnerability?]
From: Xin LI (delphij_at_frontfree.net)
To: <firstname.lastname@example.org> Date: Wed, 14 Jan 2004 00:41:23 +0800
Greetings, Peter and the Security Officers team,
There is a minor security vulnerability in cvs prior 1.11.10, as described
On December 10th, 2003, itojun has imported cvs 1.11.10 into NetBSD, as the
After a week it has been 'pulled-up' (MFC in our convention) to 1.6 branch:
itojun has clarified the update on this post:
Then I posted a request on this list, having CC'ed to peter@, so@ and re@:
Colin Percival then replied with a patch to mitigate the problem, which
should be easy to audited:
Unfortunately, before we have taken any steps (importing a new cvs version
is not so trivial and I guess that's the reason why you have not done it),
cvs 1.11.11 has been released, and imported into NetBSD:
Which mentions Gentoo Linux's security advisory, GLSA-200312-08, for your
information, is available on BugTraq:
So would you please consider a similar action to be taken place in FreeBSD?
Or, are we really not affected by this?
Thanks in advance!
Repo-meister, Project Coordinator and Liaison
The FreeBSD Simplified Chinese Project
email@example.com mailing list
To unsubscribe, send any mail to "firstname.lastname@example.org"