Marcus Meissner discovered that the cvsbug program from CVS, which
serves the popular Concurrent Versions System, uses temporary files in
an insecure fashion.
For the old stable distribution (woody) this problem has been fixed in
version 1.11.1p1debian-13.
In the stable distribution (sarge) the cvs package does not expose the
cvsbug program anymore.
In the unstable distribution (sid) the cvs package does not expose the
cvsbug program anymore.
We recommend that you upgrade your cvs package.
CPE | Name | Operator | Version |
---|---|---|---|
cvs | eq | 1.11.1p1debian-11 | |
cvs | eq | 1.11.1p1debian-10 | |
cvs | eq | 1.11.1p1debian-9woody7 | |
cvs | eq | 1.11.1p1debian-12 |