CVS before 1.11 allows CVS clients to read arbitrary files via … (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | cvs | < 1:1.12.5-4 | cvs_1:1.12.5-4_all.deb |
Debian | 11 | all | cvs | < 1:1.12.5-4 | cvs_1:1.12.5-4_all.deb |
Debian | 10 | all | cvs | < 1:1.12.5-4 | cvs_1:1.12.5-4_all.deb |
Debian | 999 | all | cvs | < 1:1.12.5-4 | cvs_1:1.12.5-4_all.deb |
Debian | 13 | all | cvs | < 1:1.12.5-4 | cvs_1:1.12.5-4_all.deb |