[MPlayer-dev-eng] cvs remote vulnerability

Alvaro Lopes alvieboy at alvie.com
Tue Jan 21 17:17:14 CET 2003


D Richard Felker III wrote:

>On Tue, Jan 21, 2003 at 11:57:24AM +0100, Robert Penz wrote:
>  
>
>>http://security.e-matters.de/advisories/012003.html?SID=b105dbb11a6affba5feee752bfc3c53e
>>    
>>
>
>Anyone know how real/serious this is? The advisories are always lame
>and don't properly explain what privileges are compromised. I assume
>if you exploit anon cvs you only get an account as the anon cvs user,
>but with the 'security scene' kids trying to make their exploits look
>serious to boost their egos and reputations, they like to leave this
>sort of info out... :(
>  
>
Debian also issued an advisory, so I belive it might be serious or at 
least have some fundament. Usually they don't fix what has no need to be 
fixed, or at least mark it as 'recommendation'.

http://www.debian.org/security/

>In any case, mphq should probably upgrade asap.
>
>Rich
>
>_______________________________________________
>MPlayer-dev-eng mailing list
>MPlayer-dev-eng at mplayerhq.hu
>http://mplayerhq.hu/mailman/listinfo/mplayer-dev-eng
>  
>


-- 

Álvaro Lopes 
---------------------
A .sig is just a .sig




More information about the MPlayer-dev-eng mailing list