
Re: CVS 1.11.5 Released (Security Update): msg#00069

Subject: Re: CVS 1.11.5 Released (Security Update)
"Derek Robert Price" <derek@xxxxxxxxxxx> wrote in message 
news:mailman.647.1043101220.21513.bug-cvs@xxxxxxxxxx
> Without going into too much detail, the vulnerability allows read-only
> CVS users to execute arbitrary code as the user the CVS server
> executable is running as.

Can you tell me whether these bugs are generally being introduced
by enhancements, or whether they are long-standing bugs, recently
uncovered?

I was wondering if rather than every release replacing one set
of bugs with another set of bugs, we could have a particular
version (maybe starting with 1.11.5), which will be continually
updated, with bug fixes only, even when version 1.14.17 has
just been released.

Basically have a version of CVS that is bug-free as far as anyone
knows.

And repeat this process every 4 years, so that the "genuinely"
stable version is eventually updated.  But those who want the
features only made available in the last 4 years are not
impacted at all.  But any bug fixes found, are retrofitted into
the last stable version.

Is this feasible?

BFN.  Paul.

