CVSNT Security Note 5871 (CVE-2010-1326)

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVSNT Security Note 5871 (CVE-2010-1326)

From:	Arthur Barrett
Subject:	CVSNT Security Note 5871 (CVE-2010-1326)
Date:	Thu, 15 Apr 2010 17:32:07 +1100

This issue does not affect CVS - it is CVSNT specific - but since it is
a serious issue I'm posting it here to help get word out.

During regular auditing and maintenance of our source code we have
discovered a serious security issue with CVSNT that affects CVSNT 2.0.58
and later (including all builds of 2.5.01, 2.5.02, 2.5.03 before build
3736 and 2.5.04 releases before build 2862; CVS Suite 2.5.03, CVS Suite
2008 before build 3736 (and CVS Suite 2009 pre-releases before 3729) and
has a proven exploit.

We recommend you upgrade to:
* CVSNT 2.5.05.3744, or
* CVSNT 2.5.03.3736, or 
* CVSNT 2.8.01.3759 

More details are available here, including the complete list of affected
versions:
http://march-hare.com/cvspro/vuln.htm

We have already notified the maintainers of the list of Common
Vulnerabilities and Exposures and they have assigned the candidate
CVE-2010-1326 to this issue.

If you are a support customer then you can download the update from the
customer area of the march-hare.com web site and discuss any problems
with the support team.  Please do not contact me directly about this
issue.

Regards,


Arthur Barrett
Product Manager

[Prev in Thread]

Current Thread

[Next in Thread]

CVSNT Security Note 5871 (CVE-2010-1326), Arthur Barrett <=

Prev by Date: RE: Windows 7 Compatibililty
Next by Date: Issue with PAM authentication in 1.12.13 "PAM reestablish credentials error"
Previous by thread: Windows 7 Compatibililty
Next by thread: Issue with PAM authentication in 1.12.13 "PAM reestablish credentials error"
Index(es):
- Date
- Thread