This may not be news to many, and SourceForge may already have applied the necessary patch, but I thought that I should share the link here anyway since OpenBeOS uses CVS as a code repository. Czeslaw ================================================ Flaws drill holes in open-source repository By Robert Lemos CNET News.com May 19, 2004, 1:42 PM PT Flaws in two popular source code repository applications could allow attackers to access and corrupt open-source software projects, a security researcher said Wednesday. One vulnerability affects the Concurrent Versions System (CVS), an application used by many developers to store program code. The other flaw affects a newer, less widely used system known as Subversion, said Stefan Esser, the researcher who discovered the security holes. Full story here: http://zdnet.com.com/2100-1105-5216353.html