During regular auditing and maintenance of our source code we have discovered a serious security issue with CVSNT which affects CVSNT 2.0.58 and later (including all builds of 2.5.01, 2.5.02, 2.5.03 before build 3736 and 2.5.04 releases before build 2862; CVS Suite 2.5.03, CVS Suite 2008 before build 3736 (and CVS Suite 2009 pre-releases before 3729) and has a proven exploit.
We recommend you upgrade to: * CVSNT Low Performance Community Server 2.5.05.3744, or * CVS Suite Server 2008 [2.5.03.3736] or * CVS Suite High Performance Server 2009 [2.8.01.3759 or 2.8.01.3761] More details are available here, including the complete list of affected versions: http://march-hare.com/cvspro/vuln.htm We have already notified the maintainers of the list of Common Vulnerabilities and Exposures and they have assigned the candidate CVE-2010-1326 to this issue. If you are a support customer then you can download the update from the customer area of the march-hare.com web site and discuss any problems with the support team. Please do not contact me directly about this issue. Regards, Arthur Barrett Product Manager _______________________________________________ cvsnt mailing list [email protected] http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt Upgrade to CVS Suite for more features and support: http://march-hare.com/cvsnt/
