Sylvain Beucler discovered that Savane, a 100% free software hosting platform, is vulnerable to a symlink attack on ~/.ssh user directories that may allow the attacker to gain access to other user accounts.
We forwarded the patch to gforge, which was also vulnerable, where it was identified as Debian-assigned CVE-2009-3304, disclosed today. We recommend that you upgrade your Savane installation to the new version 3.0+3. The new version only contains this fix, hence does not otherwise introduce changes in its behavior.
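
An added illustration (not code from Savane or gforge, and not the patch mentioned above): one way a privileged job can install a user's authorized_keys without following a symlink planted at ~/.ssh. That a privileged job writes this file is an assumption about the general class of bug, not a detail stated in this advisory; the function name, temporary file name and sample paths are hypothetical.

```python
import os

# O_NOFOLLOW: refuse to open the final path component if it is a symlink.
DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def write_authorized_keys(home, uid, gid, keys):
    """Install keys as <home>/.ssh/authorized_keys, never following symlinks."""
    home_fd = os.open(home, DIR_FLAGS)
    ssh_fd = None
    try:
        try:
            os.mkdir(".ssh", 0o700, dir_fd=home_fd)
            created = True
        except FileExistsError:
            created = False
        # Raises OSError (ELOOP or ENOTDIR, by platform) if .ssh is a symlink.
        ssh_fd = os.open(".ssh", DIR_FLAGS, dir_fd=home_fd)
        if created:
            os.fchown(ssh_fd, uid, gid)
        elif os.fstat(ssh_fd).st_uid != uid:
            raise PermissionError(".ssh is not owned by the target user")
        tmp = "authorized_keys.new"  # hypothetical temporary name
        try:
            os.unlink(tmp, dir_fd=ssh_fd)  # unlink removes a link, never its target
        except FileNotFoundError:
            pass
        # O_EXCL: fail rather than reuse anything planted under the temp name.
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     0o600, dir_fd=ssh_fd)
        with os.fdopen(fd, "w") as f:
            os.fchown(f.fileno(), uid, gid)
            f.write(keys)
        # rename() replaces a symlink at the destination instead of following it.
        os.rename(tmp, "authorized_keys", src_dir_fd=ssh_fd, dst_dir_fd=ssh_fd)
    finally:
        if ssh_fd is not None:
            os.close(ssh_fd)
        os.close(home_fd)

if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()  # constructed layout: two home directories
    alice, mallory = os.path.join(root, "alice"), os.path.join(root, "mallory")
    os.mkdir(alice); os.mkdir(mallory); os.mkdir(os.path.join(alice, ".ssh"))
    os.symlink(os.path.join(alice, ".ssh"), os.path.join(mallory, ".ssh"))
    try:
        write_authorized_keys(mallory, os.getuid(), os.getgid(), "constructed-key\n")
    except OSError as exc:
        print("refused:", exc)
```

All later operations go through the directory file descriptors, so swapping the path after the check does not redirect the write.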