Re: cvs vulnerability
Re: cvs vulnerability
- Subject: Re: cvs vulnerability
- From: Markus Weissmann <email@hidden>
- Date: Mon, 13 Dec 2004 23:05:22 +0100
As cvs probably contains more security holes, it is imho a good idea to
use cvs over ssh only.
-Markus
On Dec 13, 2004, at 20:51, Alex v.Below wrote:
As of this writing, Mac OS X (or rather, the development tools) ship
with CVS 1.10
Something which worries me is that any update of the devtools will
revert the installed CVS version back to 1.10. I have filed this as a
security related bug (3720902), but so far Apple does not consider it
worth changing.
And to make this perfectly clear: cvs is not updated with Security
Updates as of yet.
To keep your OS X machines safe, update cvs manually. This works well
without porting issues of any kind.
Hope this helps
Alex
Am 13.12.2004 um 20:03 schrieb Ed Zaron:
Hello All,
Forgive me if this isn't the best place to ask about this, but I was
looking for some guidance regarding a security problem with cvs which
is discussed here:
http://lists.gnu.org/archive/html/bug-cvs/2004-05/msg00380.html
Does anyone know if this hole has been patched in any of he OS X
security updates? A quick search on security-announce did not
indicate that it was patched.
Ed
..............................................
Edward D. Zaron, PhD
Research Associate (postdoc)
College of Oceanic and Atmospheric Sciences
Oregon State University
Corvallis, OR 97331-5503
Phone: (541) 737-3504
Fax: (541) 737-2064
email@hidden
...............................................
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
---
Markus W. Weissmann
http://www.mweissmann.de/
http://www.opendarwin.org/~mww/
Attachment:
PGP.sig
Description: This is a digitally signed message part
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden