[cvsnt] Re: Security issue with cvs server?
Koen
no at ssppaamm.com
Wed Jan 22 12:00:22 GMT 2003
"Tony Hoyle" <tmh at nodomain.org> wrote in message
news:3e2e8310.1368110671 at news.cvsnt.org...
> On Wed, 22 Jan 2003 11:54:34 +0100, "Koen" <no at ssppaamm.com> wrote:
>
> >Does anyone know if this is an issue for cvsnt or not?
> >And if it is fixed, from what version?
> >
> There's a fix in the pipeline (a proper fix that should stop it
> happening in the future, too).
Great! Thanks!
> I'm a bit cheesed off that the news
> was deliberately kept quiet and nobody was told... apparently they
> knew about it a fortnight ago, and decided not to tell anyone. As it
> happens, I finally got the details from slashdot of all places.
If that's so, that doesn't seem right indeed!!!
> AFAIK it would be almost impossible to exploit this kind of thing
> anyway - there's a bit of overhyping going on somewhere (the risk is
> entirely theoretical - unlike buffer overruns which have been
> exploited in the past, there's no record of anyone ever making a
> double free do anything other than crash).
OK. No panic then ;-)
Thanks for the ultra-fast reply!
Keep up the good work!
Koen
More information about the cvsnt
mailing list