Lucene search

GoogleOSV:DSA-802-1

HistorySep 07, 2005 - 12:00 a.m.

cvs - insecure temporary files

2005-09-0700:00:00

Google

osv.dev

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Marcus Meissner discovered that the cvsbug program from CVS, which
serves the popular Concurrent Versions System, uses temporary files in
an insecure fashion.

For the old stable distribution (woody) this problem has been fixed in
version 1.11.1p1debian-13.

In the stable distribution (sarge) the cvs package does not expose the
cvsbug program anymore.

In the unstable distribution (sid) the cvs package does not expose the
cvsbug program anymore.

We recommend that you upgrade your cvs package.

CPENameOperatorVersion
cvseq1.11.1p1debian-11
cvseq1.11.1p1debian-10
cvseq1.11.1p1debian-9woody7
cvseq1.11.1p1debian-12

Name	Operator	Version
cvs	eq	1.11.1p1debian-11
cvs	eq	1.11.1p1debian-10
cvs	eq	1.11.1p1debian-9woody7
cvs	eq	1.11.1p1debian-12

References

www.debian.org/security/2005/dsa-802

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for OSV:DSA-802-1