Changelog for cvs-pserver-1.12.13-1tr.i586.rpm:
Wed Oct 5 14:00:00 2005 Nived Gopalan 1.12.13-1tr
- New Upstream.
- SECURITY Fix: Two vulnerabilities in CVS, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service) and
compromise a vulnerable system, have been fixed.
The vulnerabilities are caused due to the use of a vulnerable version
of zlib (CAN-2004-0797 and CAN-2005-2096).
Mon Sep 19 14:00:00 2005 Erlend Midttun 1.12.12-5tr
- Added missing disable=yes in xinetd.d/cvspserver
- Added missing %config(noreplace) in xinetd.d/cvspserver
Fri Aug 26 14:00:00 2005 Nived Gopalan 1.12.12-4tr
- Security Fix: Josh Bressers has reported a security issue in cvs, which
potentially can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
The security issue is caused due to insecure temporary file usage by the cvsbug.in
script when saving temporary output to "/tmp".
Wed Aug 10 14:00:00 2005 Nived Gopalan 1.12.12-3tr
- Added ugly hack to fix ownership issues with /home/cvs.
- Fix %post section and clean up.
Tue Aug 9 14:00:00 2005 Nived Gopalan 1.12.12-2tr
- Added config files for xinetd.d that are necessary to run CVS in pserver mode.
Tue Apr 19 14:00:00 2005 Erlend Midttun 1.12.12-1tr
- SECURITY: New upstream. From the NEWS file:
- Thanks to a report from Alen Zukich, several minor
security issues have been addressed. One was a buffer overflow that is
potentially serious but which may not be exploitable, assigned CAN-2005-0753
by the Common Vulnerabilities and Exposures Project. Other fixes resulting
from Alen's report include
repair of an arbitrary free with no known exploit and several plugged memory
leaks and potentially freed NULL pointers which may have been exploitable for
a denial of service attack.
- Thanks to a report from Craig Monson, minor
potential vulnerabilities in the contributed Perl scripts have been fixed.
The confirmed vulnerability could allow the execution of arbitrary code on
the CVS server, but only if a user already had commit access and if one of
the contrib scripts was installed improperly, a condition which should have
been quickly visible to any administrator. The complete description of the
problem is here: . If
you were making use of any of the contributed trigger scripts on a CVS
server, you should probably still replace them with the new versions, to be
on the safe side.
Thu Jun 10 14:00:00 2004 Chr. Toldnes 1.12.9-1ct
- New upstream version: 1.12.9
Wed Apr 14 14:00:00 2004 Oystein Viggen 1.12.7-1tr
- New upstream
Mon Mar 8 13:00:00 2004 Chr. Toldnes
- Rebuilt for TSL 2.1
Mon Dec 15 13:00:00 2003 Goetz Bock 1.11.10-1bg
- new upstream: 1.11.10, sec fixes
Tue Dec 9 13:00:00 2003 Goetz Bock 1.11.9-1bg
- new upstream: 1.11.9
Mon Aug 18 14:00:00 2003 Goetz Bock 1.11.6-3bg
- requires (t)csh to build correctly
Mon Aug 18 14:00:00 2003 Goetz Bock 1.11.6-2bg
- rebuild for Cloud (aka Trustix 2.0) - Contrib
Mon Jul 21 14:00:00 2003 Goetz Bock 1.11.6-1bg
- new upstream: 1.11.6
- removed patch0 (cvs-1.11.2-mktemp.patch) and
patch1 (cvs-1.11.5-krb4.patch) as they are now included in the src.
- split contrib stuff into own package (as it needs csh)
Mon Feb 24 13:00:00 2003 Goetz Bock 1.11.5-5bg
- build on TSL1.5, try to cheat with noauto
* script
Mon Dec 16 13:00:00 2002 Goetz Bock 1.11.5-4bg
- listen to Shime: cvsclient got own html directory
- removed .ps files (we have .html and manpages)
Mon Dec 16 13:00:00 2002 Goetz Bock 1.11.5-3bg
- fixed stupid typo
Mon Dec 16 13:00:00 2002 Goetz Bock 1.11.5-2bg
- changed info to htmlinfo
Tue Jun 25 14:00:00 2002 Goetz Bock 1.11.5-1bg
- rebuild for Trustix Secure Linux
- based on some version after 1.11.2-3 from readhat.com