Shankar Unni wrote:
The CVE data should show up soon. We were delaying update of the CVE site in order to make sure that a patch would be available before a general vulnerability announcement.CVS 1.11.5 has been released. This release fixes a major security
vulnerability in CVS. The Common Vulnerabilities and Exposures project
(cve.mitre.org <http://cve.mitre.org>) has assigned the name CAN-2003-0015 to this issue. See the text of CAN-2003-0015 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015> for more
information.Looks like someone's marked the CVE entry as "reserved", so we have no
idea what this is about. There are literally 0 details on the CVE site,
except the candidate number (not even a one-line description or the
product affected).
Someone care to at least summarize what the vulnerability is?
Without going into too much detail, the vulnerability allows read-only CVS users to execute arbitrary code as the user the CVS server executable is running as.
Again, the CVE site should be updated with more detail soon.
Derek
--
*8^)
Email: [EMAIL PROTECTED]
Get CVS support at <http://ximbiot.com>!
--
73. ASCII a stupid question, get a stupid ANSI!
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs