On Mon, Jan 20, 2003 at 04:55:52PM -0500, Derek Robert Price wrote: > > < ...> > The CVE data should show up soon. We were delaying update of the CVE > site in order to make sure that a patch would be available before a > general vulnerability announcement. > > Without going into too much detail, the vulnerability allows read-only > CVS users to execute arbitrary code as the user the CVS server > executable is running as. > > Again, the CVE site should be updated with more detail soon. > > Derek any ETA on this? as of 21:46 GMT (2003-01-21) the CVE site still has no details. the reports on the net have lotsof conflicting information as to the extent of the exploit.
Regards, Steven Roberts _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
