[cvsnt] Re: Security issue with cvs server?

Koen no at ssppaamm.com
Wed Jan 22 12:00:22 GMT 2003


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


"Tony Hoyle" <tmh at nodomain.org> wrote in message
news:3e2e8310.1368110671 at news.cvsnt.org...
> On Wed, 22 Jan 2003 11:54:34 +0100, "Koen" <no at ssppaamm.com> wrote:
>
> >Does anyone know if this is an issue for cvsnt or not?
> >And if it is fixed, from what version?
> >
> There's a fix in the pipeline (a proper fix that should stop it
> happening in the future, too).

Great! Thanks!

> I'm a bit cheesed off that the news
> was deliberately kept quiet and nobody was told... apparently they
> knew about it a fortnight ago, and decided not to tell anyone.  As it
> happens, I finally got the details from slashdot of all places.

If that's so, that doesn't seem right indeed!!!

> AFAIK it would be almost impossible to exploit this kind of thing
> anyway - there's a bit of overhyping going on somewhere (the risk is
> entirely theoretical - unlike buffer overruns which have been
> exploited in the past, there's no record of anyone ever making a
> double free do anything other than crash).

OK. No panic then ;-)

Thanks for the ultra-fast reply!
Keep up the good work!

Koen




More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook