Diffstat (limited to 'polish/security/2004/dsa-486.wml')
-rw-r--r-- | polish/security/2004/dsa-486.wml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/polish/security/2004/dsa-486.wml b/polish/security/2004/dsa-486.wml new file mode 100644 index 00000000000..3baa8ef588f --- /dev/null +++ b/polish/security/2004/dsa-486.wml @@ -0,0 +1,34 @@ +#use wml::debian::translation-check translation="1.1" maintainer="" +#pddp arteek +<define-tag description>several vulnerabilities</define-tag> +<define-tag moreinfo> +<p>Two vulnerabilities have been discovered and fixed in CVS:</p> + +<ul> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180">CAN-2004-0180</a> + + <p>Sebastian Krahmer discovered a vulnerability whereby + a malicious CVS pserver could create arbitary files on the client + system during an update or checkout operation, by supplying absolute + pathnames in RCS diffs.</p> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0405">CAN-2004-0405</a> + + <p>Derek Robert Price discovered a vulnerability whereby + a CVS pserver could be abused by a malicious client to view the + contents of certain files outside of the CVS root directory using + relative pathnames containing "../".</p> + +</ul> + +<p>For the current stable distribution (woody) these problems have been +fixed in version 1.11.1p1debian-9woody2.</p> + +<p>For the unstable distribution (sid), these problems will be fixed soon.</p> + +<p>We recommend that you update your cvs package.</p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2004/dsa-486.data" |
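Review bot: the body of this new file under polish/ is still English (the description tag and every <p> in moreinfo, from "Two vulnerabilities have been discovered" through "We recommend that you update your cvs package"), while the first line already declares translation="1.1", which marks the page as a translation in sync with English revision 1.1. Either translate the description and moreinfo text before committing, or hold the file back until it is translated. In the same header line maintainer="" is empty; name the translator there or drop the attribute. Two smaller points in the copied text: "arbitary" in the CAN-2004-0180 item should read "arbitrary", and neither <li> is closed before the next item or the closing </ul>.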