CNET News: Flaws Drill Holes in Open-Source Repository

"Flaws in two popular source code repository applications could allow attackers to access and corrupt open-source software projects, a security researcher said Wednesday.

"One vulnerability affects the Concurrent Versions System (CVS), an application used by many developers to store program code. The other flaw affects a newer, less widely used system known as Subversion, said Stefan Esser, the researcher who discovered the security holes..."

Complete Story

Related Stories:

• Mandrakelinux Advisories: libneon, cvs(May 20, 2004)
• Fedora Core Advisories: tcpdump, cvs, kdepim, neon, subversion, kdelibs, ipsec-tools(May 20, 2004)
• Debian GNU/Linux Advisories: neon, cvs, heimdal, cadaver(May 19, 2004)
• Fedora Core Advisories: mailman, neon, cvs, kdelibs(May 19, 2004)
• LBA-Linux Advisories: neon, libpng, utempter, kernel, mc, httpd, lha, xchat, et al(May 10, 2004)