===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata31.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -c -r1.9 -r1.10
*** www/errata31.html 2002/11/16 18:25:07 1.9
--- www/errata31.html 2003/01/21 03:47:10 1.10
***************
*** 53,58 ****
--- 53,70 ----
All architectures
+
+ - 020: SECURITY FIX: January 20, 2003
+ A double free in
+ cvs(1)
+ could allow an attacker to execute code with the privileges of the
+ user running cvs. This is only an issue when the cvs command is
+ being run on a user's behalf as a different user. This means that,
+ in most cases, the issue only exists for cvs configurations that use
+ the pserver client/server connection method.
+ A
+ source code patch exists which remedies the problem.
+
- 019: SECURITY FIX: November 14, 2002
A buffer overflow in
***************
*** 283,289 ****
www@openbsd.org
!
$OpenBSD: errata31.html,v 1.9 2002/11/16 18:25:07 millert Exp $