Updated cvs package fixes security vulnerability
Publication date: 19 Aug 2017Modification date: 19 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-12836
Description
It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command (CVE-2017-12836).
References
SRPMS
5/core
- cvs-1.12.13-25.1.mga5
6/core
- cvs-1.12.13-26.1.mga6