Marcus Meissner discovered that the cvsbug program from gcvs, the Graphical frontend for CVS, which serves the popular Concurrent Versions System, uses temporary files in an insecure fashion. For the old stable distribution (woody) this problem has been fixed in version 1.0a7-2woody1. For the stable distribution (sarge) this problem has been fixed in version 1.0final-5sarge1. The unstable distribution (sid) does not expose the cvsbug program. We recommend that you upgrade your gcvs package.
Marcus Meissner discovered that the cvsbug program from gcvs, the Graphical frontend for CVS, which serves the popular Concurrent Versions System, uses temporary files in an insecure fashion.
For the old stable distribution (woody) this problem has been fixed in version 1.0a7-2woody1.
For the stable distribution (sarge) this problem has been fixed in version 1.0final-5sarge1.
The unstable distribution (sid) does not expose the cvsbug program.
We recommend that you upgrade your gcvs package.
MD5 checksums of the listed files are available in the original advisory.