* Niels Heinen *sigh*, what doesn't one get in the lap on one's first day as Debian's cvs package maintainer? ;)
| FYI | | This was posted on [EMAIL PROTECTED] today. Thanks. | it seems that cvs (version 1.10.7 from Debians stable repos) has a | bufferoverflow but I'm but sure if it's exploitable | | ls -la /usr/bin/cvs | -rwxr-xr-x 1 root root 490160 Mar 22 2000 /usr/bin/cvs | | no suid bit but it's owned by root That it's owned by root shouldn't matter. The issue might be whether it's possible to exploit this through pserver. I just got this message and haven't had the time to look at it yet. Will do and report back, asap (or at least asa I can find myself a potato box). -- Tollef Fog Heen Unix _IS_ user friendly... It's just selective about who its friends are. _______________________________________________ Bug-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-cvs
