From:
[email protected]
Package: cvs
Version: 1.11.1p1debian-9woody7
Severity: grave
Tags: woody security upstream fixed-upstream
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0778:
+-----------------------------------------------------------------------------+
| Name        | CAN-2004-0778 (under review)                                  |
|-------------+---------------------------------------------------------------|
|             | CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows   |
|             | remote attackers to determine the existence of arbitrary      |
| Description | files and directories via the -X command for an alternate     |
|             | history file, which causes different error messages to be     |
|             | returned.                                                     |
|-------------+---------------------------------------------------------------|
| References  | * IDEFENSE:20040816 CVS Undocumented Flag Information         |
|             |   Disclosure Vulnerability                                    |
|-------------+---------------------------------------------------------------|
| Phase       | Assigned (20040811)                                           |
|-------------+---------------------------------------------------------------|
The idefense advisory is available at
http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
Versions of packages cvs depends on:
ii  debconf         1.4.31        Debian configuration management sy
ii  libc6           2.3.2.ds1-16  GNU C Library: Shared libraries an
ii  libpam-runtime  0.76-22       Runtime support for the PAM librar
ii  libpam0g        0.76-22       Pluggable Authentication Modules l
ii  zlib1g          1:1.2.1.1-5   compression library - runtime
-- debconf information excluded
--
Obsig: developing a new sig