Dailydave mailing list archives
Re: Anonymized posting
From: "Evgeny Demidov" <demidov () gleg net>
Date: Thu, 10 Jun 2004 04:24:53 +0400
Hello,
On Wed, 09 Jun 2004 17:04:50 -0400 Dave Aitel <dave () immunitysec com> wrote: Hi list! http://security.e-matters.de/advisories/092004.htmlMore CVS bugs killed, bringing the number of published CVS bugs from e-matters (not that all were found by e-matters, but counting them as the originating point of the advisory) to eight. Unless I've missed some.The question now is - is CVS safe to use?
That advisory does not change anything really. CVS always has been a terribly written codebase. The same applies to subversion. After Entry is-modified overflow bug has been published I decided to spent a couple of hours on CVS source code audit. Results were really funny - two nice 'off by one' bugs. Both of them were killed with the release of the latest teso team advisory, but who really cares? Its much more interesting to find the bugs which were made by software developers rather then introducing your own using CVS exploits.
Best regards -Evgeny Demidov _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- anonymized posting Dave Aitel (May 11)
- <Possible follow-ups>
- Anonymized posting Dave Aitel (May 28)
- RE: Anonymized posting Jason Hooper (May 28)
- RE: Anonymized posting Thor Larholm (May 28)
- Re: Anonymized posting Dave Aitel (May 28)
- Anonymized posting Dave Aitel (Jun 09)
- Re: Anonymized posting wirepair (Jun 09)
- Re: Anonymized posting Frank Knobbe (Jun 09)
- Re: Anonymized posting Evgeny Demidov (Jun 09)