===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata33.html,v
retrieving revision 1.24
retrieving revision 1.25
diff -c -r1.24 -r1.25
*** www/errata33.html 2004/03/30 06:03:55 1.24
--- www/errata33.html 2004/05/05 07:35:16 1.25
***************
*** 56,61 ****
--- 56,74 ----
All architectures
+ -
+ 022: SECURITY FIX: May 5,
+ 2004
+ Pathname validation problems have been found in
+ cvs(1),
+ allowing malicious clients to create files outside the repository, allowing
+ malicious servers to overwrite files outside the local CVS tree on
+ the client and allowing clients to check out files outside the CVS
+ repository.
+
+
+ A source code patch exists which remedies this problem.
+
-
021: RELIABILITY FIX: March 17,
2004
***************
*** 338,344 ****
www@openbsd.org
!
$OpenBSD: errata33.html,v 1.24 2004/03/30 06:03:55 david Exp $