Information on source package cvs

Available versions

ReleaseVersion
jessie (security)2:1.12.13+real-15+deb8u1
stretch (security)2:1.12.13+real-22+deb9u1
buster2:1.12.13+real-26
sid2:1.12.13+real-26

Resolved issues

BugDescription
CVE-2017-12836CVS 1.12.x, when configured to use SSH for remote repositories, might ...
CVE-2012-0804Heap-based buffer overflow in the proxy_connect function in ...
CVE-2010-3846Array index error in the apply_rcs_change function in rcs.c in CVS ...
CVE-2005-2693cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...
CVE-2005-0753Buffer overflow in CVS before 1.11.20 allows remote attackers to ...
CVE-2004-1471Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...
CVE-2004-1343CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...
CVE-2004-1342CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...
CVE-2004-0778CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...
CVE-2004-0418serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...
CVE-2004-0417Integer overflow in the "Max-dotdot" CVS protocol command ...
CVE-2004-0416Double free vulnerability for the error_prog_name string in CVS 1.12.x ...
CVE-2004-0414CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...
CVE-2004-0405CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...
CVE-2004-0396Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...
CVE-2004-0180The client for CVS before 1.11 allows a remote malicious CVS server to ...
CVE-2003-0977CVS server before 1.11.10 may allow attackers to cause the CVS server ...
CVE-2003-0015Double-free vulnerability in CVS 1.11.4 and earlier allows remote ...
CVE-2002-0844Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD ...

Security announcements

DSA / DLADescription
DSA-3940-1cvs - security update
DSA-3940-1cvs - security update
DLA-1056-1cvs - security update
DSA-2407-1cvs - heap overflow
DSA-802-1cvs - insecure temporary files
DSA-742-1cvs - buffer overflow
DSA-715-1cvs - several
DSA-519cvs - several vulnerabilities
DSA-517cvs - buffer overflow
DSA-505cvs - heap overflow
DSA-486cvs - several vulnerabilities
DSA-422cvs - remote vulnerability
DSA-233cvs - doubly freed memory

Search for package or bug name: Reporting problems