Subject: Re: cvs 1.11.10 will be imported
To: None <firstname.lastname@example.org>
From: Jun-ichiro itojun Hagino <email@example.com>
Date: 12/10/2003 20:42:29
> > i will import cvs 1.11.10, as it includes security fix.
> > itojun
> > SERVER SECURITY ISSUES
> > Malformed module requests could cause the CVS server to attempt to
> > create directories and possibly files at the root of the filesystem
> > holding the CVS repository. Filesystem permissions usually prevent the
> > creation of these misplaced directories, but nevertheless, the CVS
> > server now rejects the malformed requests.
> This particular issue seems to be addressed within a single, isolatable
> patch hunk buried in the 1.11.10 release. ISTR concerns having been
> voiced recently about interoperatibility issues of recent CVS releases,
> so is it necessary to jump the gun all the way from 1.11.5?
i'm not aware of the "interoperability issue". any pointers?
(i have no problem using cvs 1.11.10 against cvs.netbsd.org)