
Ubuntu: 2023-045 Security: Sudo Privilege Escalation Vulnerability

Fedora
May 18, 2004
Important Fedora Security Advisory regarding potential Sudo privilege escalation vulnerabilities stemming from the unauthorized generation of files by compromised CVS servers.
The client for CVS before 1.11.15 allows a remote malicious CVS server to create arbitrary files by using absolute pathnames during checkouts or updates.

Summary

CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred.

CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release.

Update Information:

The client for CVS before 1.11.15 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates.

Updated packages were made available in April 2004; however, the original update notification email did not make it to fedora-announce-list at that time.
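The flaw described above comes from a client trusting a pathname supplied by the server. The following is an added example, not code from CVS or from the Fedora update: a hypothetical helper, `server_path_is_safe`, showing the kind of check a client needs before creating a file named by a remote peer. It goes slightly beyond the advisory by also rejecting `..` components, and all sample paths are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (an assumption, not part of CVS): returns true only
 * if a server-supplied pathname may be created below the working directory. */
bool server_path_is_safe(const char *path)
{
    if (path == NULL || path[0] == '\0')
        return false;                 /* nothing to create */
    if (path[0] == '/')
        return false;                 /* absolute pathname: the case in this advisory */

    const char *p = path;
    while (*p != '\0') {
        size_t len = strcspn(p, "/"); /* length of the current component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;             /* ".." would climb out of the checkout */
        p += len;
        while (*p == '/')
            p++;                      /* skip one or more separators */
    }
    return true;
}

int main(void)
{
    /* Constructed sample pathnames, as a server might send them. */
    const char *samples[] = {
        "src/main.c",
        "/absolute/constructed/path",
        "doc/../../outside.txt",
        "lib/..hidden/file.c",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-30s %s\n", samples[i],
               server_path_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

A lexical check like this does not account for symbolic links already present in the working directory, which a complete client would also have to consider.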


* Wed Apr 21 2004 Nalin Dahyabhai <nalin@redhat.com> 1.11.15-1
- update to 1.11.15, fixing CAN-2004-0180 (#120969)

* Tue Mar 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.11.14-1
- update to 1.11.14

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Wed Jan 07 2004 Nalin Dahyabhai <nalin@redhat.com> 1.11.11-1
- turn kserver, which people shouldn't use any more, back on

* Tue Dec 30 2003 Nalin Dahyabhai <nalin@redhat.com>
- update to 1.11.11

* Thu Dec 18 2003 Nalin Dahyabhai <nalin@redhat.com> 1.11.10-1
- update to 1.11.10


This update can be downloaded from:


a4f1dea17be76c29ad0bdeff09a80bba SRPMS/cvs-1.11.15-...


Fedora Update Notification FEDORA-2004-110 2004-04-22
Name : cvs
Version : 1.11.15
Release : 1
Summary : A version control system.
Description : CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred.
CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release.

Severity: important

