Menu
▾
▴
[TortoiseCVS] Security Issues with TortoiseCVS / TortoisePlink
|
From: Arthur B. <art...@ma...> - 2015-08-26 05:08:58
|
Just a quick reminder that the 'old' versions of CVSNT shipped with TortoiseCVS and WinCVS have known security vulnerabilities: https://www.march-hare.com/cvspro/security.htm CVSNT is the software that actually does the 'checkout' and 'commit' operations - you can 'see' it running in the 'progress' window in TortoiseCVS. CVSNT client is bundled with TortoiseCVS. TortoiseCVS is the 'GUI' that gives you the right click menu and dialog boxes. TortoiseCVS itself does not do any version control, that's what the CVSNT client is doing. In particular the CVSNT client (and hence TortoiseCVS) is susceptible to the recent 'wipe SSH-2 private keys from memory' and 'diffie-hellman range check' security issues. http://march-hare.com/cvspro/security.htm#CVE-2015-2157 CVS Suite 2009R2 (CVSNT 2.8.01) was updated on 3rd August 2015 to resolve this. CVS Suite 2009R2 client contains TortoiseCVS, WinCVS, CVS Suite Studio, Release Manager etc. and is compatible with Windows 8, Windows 7, Windows Vista and Windows XP. CVS Suite 2009R2 command line client is compatible with Linux, Mac and Windows. CVS Suite 2009R2 server contains the high performance server service, integration with Jira, Bugzilla and Mantis, failsafe audit, change and merge tracking and is compatible with Linux, Mac, and Windows Server 2012R2, Windows Server 2012, Windows Server 2008R2, Windows Server 2008 and Windows Server 2003. For more information please contact su...@ma... Regards, Arthur Barrett Product Manager March Hare Software authors of CVSNT since 2004 |