So, I just saw this morning that RH issued an update for CVS, and in the information there was this line: A flaw was found in versions of CVS prior to 1.11.10 where a malformed module request could cause the CVS server to attempt to create files or directories at the root level of the file system. However, normal file system permissions would prevent the creation of these misplaced directories. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0977 to this issue. Since RHL 8/7.x presumably have a CVS version that is prior to 1.11.10, we need to investigate and possibly backport the fix. Any volunteers ? This brings me to my next point, should we have a standard form for requesting updates? We've pretty much standardized the announcing updates (I'll upload a final version to the website today for final approval), but we should probably have something for requesting them as well. Seth Vidal and I worked on a format for fedora-devel, so that could be modified for legacy use. http://linux.duke.edu/~skvidal/misc/fedora-request-template.txt Until I get the time to revamp this, if anybody on the list would like to go through it and fix it up for legacy use, I'd appreciate it. -- Jesse Keating RHCE MCSE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) Mondo DevTeam (www.mondorescue.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating
