[cvsnt] Re: Vulnerability in PCRE

Tony Hoyle tony.hoyle at march-hare.com
Mon Aug 22 15:30:51 BST 2005

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

Andreas Tscharner wrote:
> Hello,
> http://www.securitytracker.com/alerts/2005/Aug/1014744.html
> Does this affect CVSNT?
Possibly (we use PCRE 5.0), but to trigger it you'd need write access to 
CVSROOT - ie. already have the ability to run arbitrary code on the 
server anyway.

On Unix builds the compile uses the libpcre on the system if it's 
available, so on those platforms it's up to the vendor.

On Windows it may not work anyway due to the heao overrun protection 
that visual studio adds.

The update looks nontrivial.. they've changed quite a bit.  It might 
have to wait until I'm back from my holidays in a week or so.


More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook