Please tell me or point me to documentation on how to upgrade my version of CVS if I am using wincvs 1.3. ?
Thanks, --- Derek Robert Price <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Steve McIntyre wrote: > > >On Fri, Dec 05, 2003 at 12:25:55AM -0500, Derek > Robert Price wrote: > > > >>CVS feature version 1.12.3 has been released. > Feature releases contain > >>new features as well as all the bug fixes from the > stable release. This > >>release fixes a security issue with no known > exploits that could cause > >>previous versions of CVS to attempt to create > files and directories in > >>the filesystem root. This release also fixes > several issues relevant to > >>case insensitive filesystems and some other bugs. > We recommend this > >>upgrade for all CVS clients and servers already > running the feature > >>release and those users who like to stay on the > cutting edge! > > > > > >Derek, are you sure the simple fix in modules.c to > check for > >!isabsolute() will fix the hole here? What about > people specifying > >../../../../../../<something> ? Probably the > easiest fix for that is > >to modify isabsolute() to check for .. entries in > the path > >specified. > > > >Thoughts? > > > If you can send me a reproducible case where CVS > doesn't abort with an > error, I'll be happy to look into it, but I am > pretty sure CVS has been > catching the indirection case for years. Go ahead > and try it. > > Derek > > - -- > *8^) > > Email: [EMAIL PROTECTED] > > Get CVS support at <http://ximbiot.com>! > - -- > I will return the seeing-eye dog. > I will return the seeing-eye dog. > I will return the seeing-eye dog... > > - Bart Simpson on chalkboard, _The > Simpsons_ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.7 (GNU/Linux) > Comment: Using GnuPG with Netscape - > http://enigmail.mozdev.org > > iD8DBQE/3nr+LD1OTBfyMaQRAlquAJ4yytDbls+IFIGo3ylQWstqC+0MAgCgvY+b > WOb43T30fO3bVNDW18p5x04= > =RV9Q > -----END PGP SIGNATURE----- > > > > > _______________________________________________ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs __________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs