I have received this alert

US-CERT Technical Cyber Security Alert TA04-147A -- CVS Heap Overflow Vulnerability

Systems Affected
* Concurrent Versions System (CVS) versions prior to 1.11.16
* CVS Features versions prior to 1.12.8

I have this version on my system:

#cvs -v
Concurrent Versions System (CVS) 1.11.6 (client/server)
Copyright (c) 1989-2003 Brian Berliner, david d `zoo' zuhn, Jeff Polk, and other authors
I suppose I have the problem that the CERT alerts about, so where is the patch or the version that solves this problem?
Emiliano Sutil wrote:
I have received this alert US-CERT Technical Cyber Security Alert TA04-147A -- CVS Heap Overflow Vulnerability
yes, see http://www.uscert.gov/cas/techalerts/TA04-147A.html - take a look at the description:
,-------
| US-CERT is tracking this issue as VU#192038. This reference number
| corresponds to CVE candidate CAN-2004-0396.
`-------
Searching for cvs in my mailbox:
,-------
| Subject: [suse-security] SUSE Security Announcement: cvs
| (SuSE-SA:2004:013)
| Date: Wed, 19 May 2004 13:16:00 +0200 (CEST)
| From: firstname.lastname@example.org (Sebastian Krahmer)
| To: email@example.com
---8<---
| Cross References: CAN-2004-0396
`-------
Same CAN reference. IMHO the US-CERT is too slow...