-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ãyvind A. Holm wrote:
> I have all the CVS I personally need, :) but people should really
> upgrade if they are running pserver, so these files will remain on the
No, really! It's not just pserver that has this vulnerability! It's
any CVS client/server mechanism prior to 1.11.16 & 1.12.8 as long as
the attacker can authenticate.
The most common anonymous read-only accounts are implemented using
pserver, but this vulnerability is not limited to the CVS pserver!
Derek
- --
*8^)
Email: [EMAIL PROTECTED]
Get CVS support at <http://ximbiot.com>!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAtq0RLD1OTBfyMaQRArMNAJ92v0mDBlQ0BXFlcWbbDdy7SfjxuQCfUOB1
YCeDWZ65eP3TwSOnjpPUPrI=
=E4bn
-----END PGP SIGNATURE-----
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
