Date: Wed, 22 Jan 2003 19:00:31 -0500
From: White Vampire <whitevampire@mindless.com>
To: bugtraq@securityfocus.com
Subject: [security@slackware.com: [slackware-security] New CVS packages available]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----- Forwarded message from Slackware Security Team <security@slackware.com> -----
Return-Path: <owner-slackware-security@slackware.com>
Delivered-To: whitvamp@localhost
Received: (qmail 22276 invoked from network); 22 Jan 2003 01:02:50 -0000
Received: from localhost (127.0.0.1)
by localhost with SMTP; 22 Jan 2003 01:02:50 -0000
Delivered-To: vampwhit@lilly.csoft.net
Received: from mail102.csoft.net [63.111.26.110]
by localhost with POP3 (fetchmail-5.8.3)
for whitvamp@localhost (single-drop); Tue, 21 Jan 2003 20:02:50 -0500 (EST)
Received: (qmail 9694 invoked from network); 22 Jan 2003 00:47:19 -0000
Received: from unknown (HELO spf6.us4.outblaze.com) (205.158.62.33)
by mail102.csoft.net with SMTP; 22 Jan 2003 00:47:19 -0000
Received: from bob.slackware.com (slackware.com [64.57.102.34])
by spf6.us4.outblaze.com (8.12.6/8.12.6) with ESMTP id h0M0ghF2065696
for <whitevampire@mindless.com>; Wed, 22 Jan 2003 00:42:50 GMT
Received: (from daemon@localhost)
by bob.slackware.com (8.11.6/8.11.6) id h0LN2E615426
for slackware-security-outgoing; Tue, 21 Jan 2003 15:02:14 -0800
Received: from localhost (security@localhost)
by bob.slackware.com (8.11.6/8.11.6) with ESMTP id h0LMQKS14291
for <slackware-security@slackware.com>; Tue, 21 Jan 2003 14:26:20 -0800
Date: Tue, 21 Jan 2003 14:26:20 -0800 (PST)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] New CVS packages available
Message-ID: <Pine.LNX.4.21.0301211425220.14267-100000@bob.slackware.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-slackware-security@slackware.com
Precedence: bulk
Reply-To: Slackware Security Team <security@slackware.com>
New cvs packages are available to fix a security vulnerability.
Here are the details from the Slackware 8.1 ChangeLog:
- ----------------------------
Tue Jan 21 13:12:20 PST 2003
patches/packages/cvs-1.11.5-i386-1.tgz: Upgraded to cvs-1.11.5.
This release fixes a major security vulnerability in the CVS server
by which users with read only access could gain write access.
Details should be available at this URL (but don't seem to be yet):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015
(* Security fix *)
- ----------------------------
WHERE TO FIND THE NEW PACKAGE:
- ------------------------------
Updated cvs package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.5-i386-1.tgz
Updated cvs package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/cvs-1.11.5-i386-1.tgz
MD5 SIGNATURE:
- --------------
Here is the md5sum for the package:
Slackware 8.1:
37d76c774c9474bf0117d429d6c3740e cvs-1.11.5-i386-1.tgz
Slackware -current:
c43d82187dfa695aa53aaf5b4d3050a1 cvs-1.11.5-i386-1.tgz
INSTALLATION INSTRUCTIONS:
- --------------------------
As root, upgrade to the new cvs.tgz package:
# upgradepkg cvs.tgz
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- - Slackware Linux Security Team
http://www.slackware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
- ----- End forwarded message -----
- --
\ | \ / White Vampire\Rem | http://gammaforce.org/
\|\| \/ whitevampire@mindless.com | http://gammagear.com/
"Silly hacker, root is for administrators." | http://webfringe.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
iD8DBQE+LzCe3+rxmnEDyl8RAjbKAKDjn4IZ3a9E7QcbhfVfNTimeYti+ACg6ujC
0ppoA89c+nh7CcgSNrckK/g=
=fg3o
-----END PGP SIGNATURE-----
