[cvsnt] CVSNT Security Note 5871 (CVE-2010-1326)
Arthur Barrett
arthur.barrett at march-hare.com
Thu Apr 15 07:31:21 BST 2010
During regular auditing and maintenance of our source code we have
discovered a serious security issue with CVSNT which affects CVSNT
2.0.58 and later (including all builds of 2.5.01, 2.5.02, 2.5.03 before
build 3736 and 2.5.04 releases before build 2862; CVS Suite 2.5.03, CVS
Suite 2008 before build 3736 (and CVS Suite 2009 pre-releases before
3729) and has a proven exploit.
We recommend you upgrade to:
* CVSNT Low Performance Community Server 2.5.05.3744, or
* CVS Suite Server 2008 [2.5.03.3736] or
* CVS Suite High Performance Server 2009 [2.8.01.3759 or 2.8.01.3761]
More details are available here, including the complete list of affected
versions:
http://march-hare.com/cvspro/vuln.htm
We have already notified the maintainers of the list of Common
Vulnerabilities and Exposures and they have assigned the candidate
CVE-2010-1326 to this issue.
If you are a support customer then you can download the update from the
customer area of the march-hare.com web site and discuss any problems
with the support team. Please do not contact me directly about this
issue.
Regards,
Arthur Barrett
Product Manager
More information about the cvsnt
mailing list