eaaeb741bb
Changes since 1.11.15: ********************** SERVER SECURITY FIXES * A potential buffer overflow vulnerability in the server has been fixed. Prior to this patch, a malicious client could potentially use carefully crafted server requests to run arbitrary programs on the CVS server machine. This addresses the Common Vulnerabilities and Exposures Project's issue #CAN-2004-0396. Please see <http://www.cve.mitre.org> for more information. BUG FIXES * The Microsoft Visual C++ workspace and project files have been repaired and regenerated with MSVC++ 6.0. * The cvs.1 man page is now generated automatically from a section of the CVS Manual. * Thanks to a report from Mark Andrews at the Internet Systems Consortium, the :ext: connection method no longer relies on a transparent transport that uses an argument processor that can handle arbitrary ordering of options and other arguments when using a username other than the caller's. * Thanks to Ken Raeburn at MIT, directory deletion, whether via `cvs release' or empty directory pruning, now works on network shares under Windows XP. |
||
|---|---|---|
| .. | ||
| patches | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| MESSAGE | ||
| PLIST | ||