tech-userlevel: Re: cvs 1.11.10 will be imported

Subject: Re: cvs 1.11.10 will be imported
To: None <kleink@reziprozitaet.de>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-userlevel
Date: 12/10/2003 20:42:29

> > 	i will import cvs 1.11.10, as it includes security fix.
> >
> > itojun
> >
> >
> > SERVER SECURITY ISSUES
> >
> > Malformed module requests could cause the CVS server to attempt to
> > create directories and possibly files at the root of the filesystem
> > holding the CVS repository. Filesystem permissions usually prevent the
> > creation of these misplaced directories, but nevertheless, the CVS
> > server now rejects the malformed requests.
> 
> This particular issue seems to be addressed within a single, isolatable
> patch hunk buried in the 1.11.10 release.  ISTR concerns having been
> voiced recently about interoperatibility issues of recent CVS releases,
> so is it necessary to jump the gun all the way from 1.11.5?

	i'm not aware of the "interoperability issue".  any pointers?
	(i have no problem using cvs 1.11.10 against cvs.netbsd.org)

itojun