CVSWeb insecure perl "open" Vulnerability

Solution:
Upgrade to at least version 1.86 available from http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/

Debian:
Fixed in: Debian 2.1 (slink):
Source:
http://security.debian.org/dists/slink/updates/source/cvsweb_109.dsc
http://security.debian.org/dists/slink/updates/source/cvsweb_109.tar.gz
Architecture-independent binary:
http://security.debian.org/dists/slink/updates/binary-all/cvsweb_109_all.deb
Debian 2.2 (potato):
Source:
http://http.us.debian.org/debian/dists/potato/main/source/devel/cvsweb_1.79-3potato1.diff.gz
http://http.us.debian.org/debian/dists/potato/main/source/devel/cvsweb_1.79-3potato1.dsc
http://http.us.debian.org/debian/dists/potato/main/source/devel/cvsweb_1.79.orig.tar.gz
Architecture-independent binary:
http://http.us.debian.org/debian/dists/potato/main/binary-all/devel/cvsweb_1.79-3potato1.deb


CVSWeb Developer CVSWeb 1.80


 

Privacy Statement
Copyright 2010, SecurityFocus