This issue does not affect CVS - it is CVSNT specific - but since it is a serious issue I'm posting it here to help get word out.
During regular auditing and maintenance of our source code we have discovered a serious security issue with CVSNT that affects CVSNT 2.0.58 and later (including all builds of 2.5.01, 2.5.02, 2.5.03 before build 3736 and 2.5.04 releases before build 2862; CVS Suite 2.5.03, CVS Suite 2008 before build 3736 (and CVS Suite 2009 pre-releases before 3729) and has a proven exploit. We recommend you upgrade to: * CVSNT 2.5.05.3744, or * CVSNT 2.5.03.3736, or * CVSNT 2.8.01.3759 More details are available here, including the complete list of affected versions: http://march-hare.com/cvspro/vuln.htm We have already notified the maintainers of the list of Common Vulnerabilities and Exposures and they have assigned the candidate CVE-2010-1326 to this issue. If you are a support customer then you can download the update from the customer area of the march-hare.com web site and discuss any problems with the support team. Please do not contact me directly about this issue. Regards, Arthur Barrett Product Manager
