interesting... that CVS sux i knew but that SubVersion is affected too... then i haveThis may not be news to many, and SourceForge may already have applied the necessary patch, but I thought that I should share the link here anyway since OpenBeOS uses CVS as a code repository.
Czeslaw
================================================
Flaws drill holes in open-source repository
By Robert Lemos CNET News.com
May 19, 2004, 1:42 PM PT
Flaws in two popular source code repository applications could allow attackers to access and corrupt open-source software projects, a security researcher said Wednesday.
One vulnerability affects the Concurrent Versions System (CVS), an application used by many developers to store program code. The other flaw affects a newer, less widely used system known as Subversion, said Stefan Esser, the researcher who discovered the security holes.
Full story here: http://zdnet.com.com/2100-1105-5216353.html