![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www|
Return to errata.html CVS log | Up to [local] / www |
| version 1.485, 2004/05/04 15:44:39 | version 1.486, 2004/05/05 07:35:15 | ||
|---|---|---|---|
|
|
||
| <a name="all"></a> | <a name="all"></a> | ||
| <h3><font color="#e00000">All architectures</font></h3> | <h3><font color="#e00000">All architectures</font></h3> | ||
| <ul> | <ul> | ||
| <li>No problems identified yet. | <li><a name="cvs"></a> | ||
| <font color="#009000"><strong>002: SECURITY FIX: May 5, | |||
| 2004</strong></font><br> | |||
| Pathname validation problems have been found in | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">cvs(1)</a>, | |||
| allowing malicious clients to create files outside the repository, allowing | |||
| malicious servers to overwrite files outside the local CVS tree on | |||
| the client and allowing clients to check out files outside the CVS | |||
| repository. | |||
| <br> | |||
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch"> | |||
| A source code patch exists which remedies this problem</a>.<br> | |||
| <p> | |||
| </ul> | </ul> | ||
| <p> | <p> | ||
| <a name="i386"></a> | <a name="i386"></a> |