File 03cvs-client-exploit-fix.diff of Package cvs
@@ -767,6 +767,19 @@
+ /* For security reasons, if PATHNAME is absolute or attemps to ascend
+ * outside of the current sanbbox, we abort. The server should not send us
+ * anything but relative paths which remain inside the sandbox here.
+ * Anything less means a trojan CVS server could create and edit arbitrary
+ * files on the client.
+ if (isabsolute (pathname) || pathname_levels (pathname) > 0)
+ error (0, 0,
+ "Server attempted to update a file via an invalid pathname:");
+ error (1, 0, "`%s'.", pathname);
reposname = NULL;
assert (reposname != NULL);