CVS Heap Overflow Vulnerability
Hello, I have received this alert US-CERT Technical Cyber Security Alert TA04-147A -- CVS Heap Overflow Vulnerability Systems Affected * Concurrent Versions System (CVS) versions prior to 1.11.16 * CVS Features versions prior to 1.12.8 I have this version on my system: #cvs -v Concurrent Versions System (CVS) 1.11.6 (client/server) Copyright (c) 1989-2003 Brian Berliner, david d `zoo' zuhn, Jeff Polk, and other authors I suppose I have the problem that the CERT alerts, so where is the patch or the version that solves this problem? Thanks -- Emiliano Sutil García
Hi Emiliano, Emiliano Sutil wrote:
I have received this alert US-CERT Technical Cyber Security Alert TA04-147A -- CVS Heap Overflow Vulnerability
yes, see http://www.uscert.gov/cas/techalerts/TA04-147A.html - take a look at the description: ,------- | US-CERT is tracking this issue as VU#192038. This reference number | corresponds to CVE candidate CAN-2004-0396. `------- Searching for cvs in my mailbox: ,------- | Subject: [suse-security] SUSE Security Announcement: cvs | (SuSE-SA:2004:013) | Date: Wed, 19 May 2004 13:16:00 +0200 (CEST) | From: krahmer@suse.de (Sebastian Krahmer) | To: suse-security@suse.com ---8<--- | Cross References: CAN-2004-0396 `------- Same CAN reference. IMHO the US-CERT is too slow... GTi
participants (2)
-
Emiliano Sutil
-
list@nolog.org