4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
Marcus Meissner discovered that the cvsbug program from CVS, which
serves the popular Concurrent Versions System, uses temporary files in
an insecure fashion.
For the old stable distribution (woody) this problem has been fixed in
version 1.11.1p1debian-13.
In the stable distribution (sarge) the cvs package does not expose the
cvsbug program anymore.
In the unstable distribution (sid) the cvs package does not expose the
cvsbug program anymore.
We recommend that you upgrade your cvs package.
CPE | Name | Operator | Version |
---|---|---|---|
cvs | eq | 1.11.1p1debian-11 | |
cvs | eq | 1.11.1p1debian-10 | |
cvs | eq | 1.11.1p1debian-9woody7 | |
cvs | eq | 1.11.1p1debian-12 |