From owner-freebsd-security  Wed Feb  5  5:29:28 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9A44E37B401
	for <security@FreeBSD.ORG>; Wed,  5 Feb 2003 05:29:26 -0800 (PST)
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1AE4C43F43
	for <security@FreeBSD.ORG>; Wed,  5 Feb 2003 05:29:26 -0800 (PST)
	(envelope-from nectar@celabo.org)
Received: from opus.celabo.org (opus.celabo.org [10.0.1.111])
	by gw.nectar.cc (Postfix) with ESMTP
	id A5A2A43; Wed,  5 Feb 2003 07:29:25 -0600 (CST)
Received: by opus.celabo.org (Postfix, from userid 1001)
	id 6FDE45783; Wed,  5 Feb 2003 07:27:25 -0600 (CST)
Date: Wed, 5 Feb 2003 07:27:25 -0600
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Ben Stuyts <ben@altus-escon.com>
Cc: security@FreeBSD.ORG
Subject: Re: cvs security fix not in RELENG_4?
Message-ID: <20030205132725.GD65577@opus.celabo.org>
References: <200302051315.OAA19437@giskard.altus-escon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200302051315.OAA19437@giskard.altus-escon.com>
X-Url: http://www.celabo.org/
User-Agent: Mutt/1.5.1i-ja.1
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Feb 05, 2003 at 02:15:27PM +0100, Ben Stuyts wrote:
> Hi,
> 
> Regarding the security advisory concerning the remotely exploitable  
> vulnerability in cvs server:
> 
> I am running a 4-stable system with a cvs tag of RELENG_4 here. According to  
> the advisory, this system is vulnerable. 

The advisory says that RELENG_4 is NOT VULNERABLE as of `2003-01-21
22:26:46 UTC'.

> However, I cannot find a fix for this in the RELENG_4 branch.

Yes you can.  :-)  You found it:

> The affected file server.c has a cvs id of 1.13.2.5 dated 2003/01/21.  
> Nothing else has been committed since on this branch.

That revision contains the fix.  Compare the diff with the one
referenced from the advisory.

<URL: http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/cvs/src/server.c.diff?r1=1.13.2.4&r2=1.13.2.5 >
<URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:01/cvs.patch >

> Am I overlooking something?

The security problem was fixed with an upgrade to CVS 1.11.5 in
-CURRENT and -STABLE.  It was fixed with a simple patch in the
security branches.

Cheers,
-- 
Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message