Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Holes in CVS and Subversion Found

Posted by simoniker on from the nee-naw dept.

joe_bruin writes "News.com.com is reporting a two separate vulnerabilities that affect current versions of CVS and Subversion source control systems. Apparently, major users of these products (Linux and BSD distros, Samba, etc.) have been notified and have patched their systems." Update: 05/20 02:01 GMT by S : Clarification that there are separate issues for both CVS and Subversion.

18 of 250 comments (clear)

  1. Thankfully, I use Visual Source Safe by Anonymous Coward · · Score: 5, Funny

    If you compromise it, it's so broken you can't even use it to control source.

  2. Great! by Psychor · · Score: 5, Funny

    Great, I'll grab it just as soon as the source for the patch goes into CVS! Oh wait...

    1. Re:Great! by bladernr · · Score: 4, Funny

      CVS: Putting the "Open" back in "Open Source Software"

      --
      Sarcasm and hyperbole are the final refuges for weak minds
  3. uh oh! by L0stm4n · · Score: 2, Funny

    hopefully no evil hax0rs use this to steal the source code of linux! ( I know it in't in a cvs but it has a cvs gateway )

    --
    superman runs linux
    1. Re:uh oh! by GregAndreou · · Score: 4, Funny

      Steal the source code? They could just download it from kernel.org...

      --
      My freedom ends where someone else's begins
    2. Re:uh oh! by damgx · · Score: 2, Funny

      You know what happens if you steal from Santa right?

      You go on his "bad" list. And as Linus says: Don't mess with penguins.

      --
      I only read slash. for the articles...
  4. Re:Sourceforge... by nacturation · · Score: 5, Funny

    If they don't fix it in time, does this mean they'll be changing their name to Sourceforget?

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  5. Another security flaw found by Canberra+Bob · · Score: 5, Funny

    Just goes to show how open source leads to insecure software and the commercial software model is better.

    Oh wait..thats not right...

    Take 2

    this just goes to show that with so many eyes viewing the software that bugs will be found and corrected, and we do not know how many undetected bugs are in commercial software.

  6. CVS and Subversion? by Anonymous Coward · · Score: 5, Funny
    I knew that Subversion was complete in its support for CVS users, but this is going too far.

    Laugh, it's a joke.

  7. Re:Sourceforge... by jpetts · · Score: 5, Funny

    If they don't fix it in time, does this mean they'll be changing their name to Sourceforget?

    No, it means they'll be changing their name to ForgeSource

    --
    Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
  8. Re:open source databases?? by tumbaumba · · Score: 2, Funny

    They may use the *concept* of a database *internally*, but then again so do iTunes and Emacs and probably a bunch of other programs.

    I concur about emacs. Not only it is a database but it can also do this and that. Now if only I could make my emacs to brew coffee.

  9. Re:Sourceforge... by linzeal · · Score: 2, Funny
    No it means they will have things like this coming up.

    h4(|{3Ð b $n00p, 94nÐ4 4nÐ r3Ð 7h3 q33r. 0v3 0 m4m4 0n9 71m3!

    --
    An Education is the Font of All Liberty
  10. Re:Sourceforge... by Bingo+Foo · · Score: 4, Funny

    SCO wants their name changed to Sourceforgery.

    --
    taken! (by Davidleeroth) Thanks Bingo Foo!
  11. Re:Sourceforge... by Anonymous Coward · · Score: 1, Funny

    If they don't fix it in time, does this mean they'll be changing their name to Sourceforget? Nah, after they get hacked as a result, they'll have to rename to ForgedSource.

  12. Re:open source databases?? by florist · · Score: 3, Funny
    Now if only I could make my emacs to brew coffee.

    you can. there is a coffee.el package
    http://list-archive.xemacs.org/xemacs-beta/199909/ msg00368.html

  13. Re:Sourceforge... by Geekenstein · · Score: 4, Funny

    No, if they don't fix it in time, *I'LL* change their name for them. *EEEEVVVILLLL*

  14. Re:Second Level security? by Rick+and+Roll · · Score: 2, Funny
    Security is a hard problem

    P class or NP class?

  15. Re:Just goes to show... by aardvarkjoe · · Score: 2, Funny
    I've been wondering if it isn't possible that its even less secure.

    Of course not! There are thousands of slashdot posts asserting that it's not true. If that doesn't constitute proof, I don't know what does.
    --

    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?