Marcus Meissner discovered that the cvsbug program from CVS, which serves the popular Concurrent Versions System, uses temporary files in an insecure fashion. For the old stable distribution (woody) this problem has been fixed in version 1.11.1p1debian-13. In the stable distribution (sarge) the cvs package does not expose the cvsbug program anymore. In the unstable distribution (sid) the cvs package does not expose the cvsbug program anymore. We recommend that you upgrade your cvs package.
Marcus Meissner discovered that the cvsbug program from CVS, which serves the popular Concurrent Versions System, uses temporary files in an insecure fashion.
For the old stable distribution (woody) this problem has been fixed in version 1.11.1p1debian-13.
In the stable distribution (sarge) the cvs package does not expose the cvsbug program anymore.
In the unstable distribution (sid) the cvs package does not expose the cvsbug program anymore.
We recommend that you upgrade your cvs package.
MD5 checksums of the listed files are available in the original advisory.