[MPlayer-dev-eng] cvs remote vulnerability
Alvaro Lopes
alvieboy at alvie.com
Tue Jan 21 17:17:14 CET 2003
D Richard Felker III wrote:
>On Tue, Jan 21, 2003 at 11:57:24AM +0100, Robert Penz wrote:
>
>
>>http://security.e-matters.de/advisories/012003.html?SID=b105dbb11a6affba5feee752bfc3c53e
>>
>>
>
>Anyone know how real/serious this is? The advisories are always lame
>and don't properly explain what privileges are compromised. I assume
>if you exploit anon cvs you only get an account as the anon cvs user,
>but with the 'security scene' kids trying to make their exploits look
>serious to boost their egos and reputations, they like to leave this
>sort of info out... :(
>
>
Debian also issued an advisory, so I belive it might be serious or at
least have some fundament. Usually they don't fix what has no need to be
fixed, or at least mark it as 'recommendation'.
http://www.debian.org/security/
>In any case, mphq should probably upgrade asap.
>
>Rich
>
>_______________________________________________
>MPlayer-dev-eng mailing list
>MPlayer-dev-eng at mplayerhq.hu
>http://mplayerhq.hu/mailman/listinfo/mplayer-dev-eng
>
>
--
Álvaro Lopes
---------------------
A .sig is just a .sig
More information about the MPlayer-dev-eng
mailing list