Update to 1.11.16:

Changes since 1.11.15:
**********************

SERVER SECURITY FIXES

* A potential buffer overflow vulnerability in the server has been fixed.
  Prior to this patch, a malicious client could potentially use carefully
  crafted server requests to run arbitrary programs on the CVS server machine.
  This addresses the Common Vulnerabilities and Exposures Project's issue
  #CAN-2004-0396.  Please see <http://www.cve.mitre.org> for more information.

BUG FIXES

* The Microsoft Visual C++ workspace and project files have been repaired and
  regenerated with MSVC++ 6.0.

* The cvs.1 man page is now generated automatically from a section of the CVS
  Manual.

* Thanks to a report from Mark Andrews at the Internet Systems Consortium, the
  :ext: connection method no longer relies on a transparent transport that uses
  an argument processor that can handle arbitrary ordering of options and other
  arguments when using a username other than the caller's.

* Thanks to Ken Raeburn at MIT, directory deletion, whether via `cvs release'
  or empty directory pruning, now works on network shares under Windows XP.

0 files changed, 0 insertions, 0 deletions