CVS: cvs.openbsd.org: src

From: Brad Smith (bradcvs.openbsd.org)
Date: Fri Apr 30 2004 - 19:17:35 CDT


CVSROOT: /cvs
Module name: src
Changes by: bradcvs.openbsd.org 2004/04/30 18:17:35

Modified files:
        gnu/usr.bin/cvs/src: Tag: OPENBSD_3_3 client.c modules.c

Log message:
MFC:
Fix by otto

- a malicious server may send path names that translate out of the
local cvs tree on the client, enabling the server to overwrite files
on the client.

- a client may read files outside the repository using the -p flag
with the checkout command.

ok deraadt otto
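
The first item in the log message concerns server-supplied path names that resolve outside the client's working tree. The following is an added example, not the committed fix and not code from the CVS sources: a lexical containment check a client could apply to each path name before writing. The function name `path_stays_in_tree` is hypothetical and the sample paths are constructed.

```c
#include <stdio.h>
#include <string.h>

/*
 * Return 1 if a server-supplied relative path stays inside the local
 * working tree when resolved lexically, 0 otherwise.
 * Hypothetical helper for illustration; not taken from the CVS sources.
 */
int path_stays_in_tree(const char *path)
{
    int depth = 0;                      /* levels below the tree root */
    const char *p = path;

    if (path == NULL || *path == '\0')
        return 0;                       /* nothing to validate */
    if (*path == '/')
        return 0;                       /* absolute path ignores the root */
    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */

        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return 0;               /* climbed above the tree root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                    /* ordinary name: one level deeper */
        }
        /* an empty component (doubled slash) or "." leaves depth unchanged */
        p += len;
        if (*p == '/')
            p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample path names, not captured from a real server. */
    const char *samples[] = {
        "src/client.c", "src/../modules.c", "../outside.txt",
        "src/../../outside.txt", "/etc/example.conf", "./a//b/./c"
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-24s %s\n", samples[i],
               path_stays_in_tree(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The check is purely lexical: it does not resolve symbolic links, so a client that may have symlinks inside its tree would also need to reject any `..` component outright or verify the resolved path before writing.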