Subject: Re: cvs 1.11.10 will be imported
To: None <itojun@iijlab.net>
From: Klaus Klein <kleink@reziprozitaet.de>
List: tech-userlevel
Date: 12/10/2003 11:57:35
On Wednesday 10 December 2003 06:56, itojun@iijlab.net wrote:

> 	i will import cvs 1.11.10, as it includes security fix.
>
> itojun
>
>
> SERVER SECURITY ISSUES
>
> Malformed module requests could cause the CVS server to attempt to
> create directories and possibly files at the root of the filesystem
> holding the CVS repository. Filesystem permissions usually prevent the
> creation of these misplaced directories, but nevertheless, the CVS
> server now rejects the malformed requests.

This particular issue seems to be addressed within a single, isolatable
patch hunk buried in the 1.11.10 release.  ISTR concerns having been
voiced recently about interoperatibility issues of recent CVS releases,
so is it necessary to jump the gun all the way from 1.11.5?


- Klaus