On Monday 24 January 2005 06:45 pm, Bart Garst wrote:
>
> Do I understand correctly that the attack would be directed at a server
> that has remote access (via pserver mechanism - sourceforge for
> example), but not towards a remote user?
When downloading files from the
www.cvshome.org web site, more data comes in
the download than documented on the site. ie. The files are larger than they
should be. The fear is that someone may be changing the binary downloads to
include a payload of unkown intent.
There is no vulnerability of CVS servers or clients involved. The cvshome.org
web site may have been breached.
They are investigating further.
All the details that I know are in the info-cvs list archive starting with
this message:
http://lists.gnu.org/archive/html/info-cvs/2005-01/msg00259.html
Alan
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)