Hello, Hans!
> CVS pserver seems to have no timeout for broken connections. After a
> few time I have some dead cvs-pservers-processes. What can I do?
Perhaps it's time to raise an alert on CERT.
Somebody is misusing a hole that I discovered in "cvs log" a while ago :-(
It's fixed in 1.10.8
Upgrading to cvs-1.10.8 will hopefully solve the problem.
PS. Nowadays when anonymous CVS is so widespread, it's yet to be seen how
many security holes are still in CVS. Maybe we should ask OpenBSD guys to
examine CVS for buffer overflows and other security issues.
Regards,
Pavel Roskin
