On Thu, May 27, 2004 at 07:09:42PM +0900, SUGIYAMA Tomoaki wrote:
> I think that it is not "Buffer overflow" but "Heap overflow" on
> line 136 in webwml/english/News/weekly/2004/21/index.wml file.
>
> > <li><a href="$(HOME)/security/2004/dsa-505">cvs</a> --
> > Buffer overflow.

The CVE advisory says

  Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x
  up to 1.12.7, when using the pserver mechanism allows remote
  attackers to execute arbitrary code via Entry lines.

so I think both descriptions are correct.

--
Matt Kraai [EMAIL PROTECTED] http://ftbfs.org/