Yesterday some security researchers found six flaws in Concurrent Versions System (CVS), one of the open-source community's most popular programs for maintaining code under development. Some of the most popular open-source projects, such as Apache, GNOME and KDE, use CVS. The people behind the CVS program have already issued a patch, as has the Linux distributor SuSE.
Security researchers have found at least six more flaws in the open-software world's most popular program for maintaining code under development.
According to a representative of the project that oversees the program, known as the Concurrent Versions System, the vulnerabilities include a flaw that could let an attacker take control of a CVS server from the Internet, putting the code repository's contents at risk. The flaws were discovered as part of an analysis of the program's code following the announcement last month of a similar set of issues.
The security flaws underscore the advice of CVS Project leaders, who say development teams should not be placing source-code repositories directly on the Internet. Rather, the repositories should be accessible only on private local networks or through VPNs (virtual private networks), said Derek Robert Price, one of three maintainers of the CVS Project and the project's release manager.
News source: C|Net News.com