httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Regarding pserver
Date Sat, 21 Jun 1997 19:50:00 GMT

------- Forwarded Message

From: Andrew Bennett <abennett@hyperreal.com>
Message-Id: <199706211946.MAA16934@hyperreal.com>
Subject: Re: pserver disabled on taz?
To: randy@zyzzyva.com (Randy Terbush)
Date: Sat, 21 Jun 1997 12:46:31 -0700 (PDT)
In-Reply-To: <199706211525.KAA05467@sierra.zyzzyva.com> from "Randy Terbush" at Jun
21, 97 10:25:58 am
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

A as-yet to be announced security hole was found with cvs.  There's a
patch out to it that sort of fixes it, but my understanding is that a
better fix is in development and will be released sometime later.  In the
meantime, I disabled the process that gets launched from remote sites to
use cvs, deciding that Brian should fix the code at his convienence upon
returning from South Africa.

Sorry for the lack-of-notice and any inconvienence this may have caused.
My understanding is that the bug in cvs is being analyzed by CERT and
other security related teams, and I was asked to not publicize it until
later.

Please pass this on Randy to new-httpd.  I'd appreciate it.


Andrew
--

  Andrew Bennett
  abennett@hyperreal.com, abennett@cruzio.com
  http://taz.hyperreal.com/~abennett/

------- End of Forwarded Message




Mime
View raw message