Debian Security Advisory DSA 802-1 (cvs) Network Vulnerability

Summary

The remote host is missing an update to cvs announced via advisory DSA 802-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20802-1

Insight

Marcus Meissner discovered that the cvsbug program from CVS, which serves the popular Concurrent Versions System, uses temporary files in an insecure fashion. For the old stable distribution (woody) this problem has been fixed in version 1.11.1p1debian-13. In the stable distribution (sarge) the cvs package does not expose the cvsbug program anymore. In the unstable distribution (sid) the cvs package does not expose the cvsbug program anymore. We recommend that you upgrade your cvs package.

Severity

Classification

CVE CVE-2005-2693

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1071-1 (mysql)
Debian Security Advisory DSA 1079-1 (mysql-dfsg)
Debian Security Advisory DSA 1054-1 (tiff)
Debian Security Advisory DSA 1100-1 (wv2)
Debian Security Advisory DSA 1061-1 (popfile)

Take action and discover your vulnerabilities