[cvsnt] Re: Vulnerability in PCRE
Tony Hoyle
tony.hoyle at march-hare.com
Mon Aug 22 15:30:51 BST 2005
Andreas Tscharner wrote:
> Hello,
>
> http://www.securitytracker.com/alerts/2005/Aug/1014744.html
>
> Does this affect CVSNT?
>
Possibly (we use PCRE 5.0), but to trigger it you'd need write access to
CVSROOT - ie. already have the ability to run arbitrary code on the
server anyway.
On Unix builds the compile uses the libpcre on the system if it's
available, so on those platforms it's up to the vendor.
On Windows it may not work anyway due to the heao overrun protection
that visual studio adds.
The update looks nontrivial.. they've changed quite a bit. It might
have to wait until I'm back from my holidays in a week or so.
Tony
More information about the cvsnt
mailing list