[cvsnt] Re: Security issue with cvs server?

Tony Hoyle tmh at nodomain.org
Wed Jan 22 11:45:20 GMT 2003

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

On Wed, 22 Jan 2003 11:54:34 +0100, "Koen" <no at ssppaamm.com> wrote:

>Does anyone know if this is an issue for cvsnt or not?
>And if it is fixed, from what version?
There's a fix in the pipeline (a proper fix that should stop it
happening in the future, too).    I'm a bit cheesed off that the news
was deliberately kept quiet and nobody was told... apparently they
knew about it a fortnight ago, and decided not to tell anyone.  As it
happens, I finally got the details from slashdot of all places.

AFAIK it would be almost impossible to exploit this kind of thing
anyway - there's a bit of overhyping going on somewhere (the risk is
entirely theoretical - unlike buffer overruns which have been
exploited in the past, there's no record of anyone ever making a
double free do anything other than crash).


More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook