Dec. 3, 2010 Dmitry V. Levin 1.11.23-alt4
- Applied upstream fix to an array index error, leading to a heap-based
buffer overflow, found in the way CVS applied certain delta fragment
changes from input files in the RCS (Revision Control System) file
format. If an attacker in control of a CVS repository stored a
specially-crafted RCS file in that repository, this could result in
arbitrary code execution with the privileges of the CVS server process
on the system hosting the CVS repository when a remote user eventually
checks out a revision of the affected file.
Special thanks to Owl for the description.
(CVE-2010-3846; closes: [#24468](<https://bugzilla.altlinux.org/24468>)).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ALT Linux | 5 | src | cvs-1.11.23-alt3.m50p.1.src.rpm | < 1.11.23-alt4 | cvs-1.11.23-alt3.M50P.1.src.rpm |
ALT Linux | 5 | x86_64 | cvs-1.11.23-alt3.m50p.1.x86_64.rpm | < 1.11.23-alt4 | cvs-1.11.23-alt3.M50P.1.x86_64.rpm |
ALT Linux | 5 | i586 | cvs-1.11.23-alt3.m50p.1.i586.rpm | < 1.11.23-alt4 | cvs-1.11.23-alt3.M50P.1.i586.rpm |