Subject: cvs(1) patches available for CAN-2005-0753


Fixes for a buffer overflow, memory leaks, and a NULL pointer
dereference in cvs(1) have been made available. None of these issues
are known to be exploitable.  CVE Reference: CAN-2005-0753.

The fixes have been applied to the 3.5-stable, 3.6-stable and
3.7-stable branches, and are also available as patches:

3.5 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/033_cvs4.patch
3.6 patch:  
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/016_cvs.patch
3.7 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/001_cvs.patch

	-Otto