RE: Security Breach Alert - CVS Home File Download Area Compromised

bug-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Security Breach Alert - CVS Home File Download Area Compromised

From:	Conrad T. Pino
Subject:	RE: Security Breach Alert - CVS Home File Download Area Compromised
Date:	Fri, 28 Jan 2005 15:20:24 -0800

Hi All,

I just got off the phone with Kenneth Schwartzman of Collab Net.
Kenneth reports the IT Engineering team investigated my report
and found no evidence to support a security breach.

The unexpected download behaviors I reported previously are now
believed to be a consequence of MIME type information supplied
by Apache 2.0 being acted upon differently by various browsers.

Collab Net IT Engineering, Mark Baushke, Larry Jones and I all
support this hypothesis.

Collab Net IT Engineering understands the desirability of having
a download content authentication method in place and will focus
attention on this issue after completing more pressing issues.

I'm closing this topic thread and will continue the issue as
"Binary File Download Authentication" on the "Bug-CVS" list.

I'm sorry for any inconvenience this false alarm may have caused
but a prior recent successful breach made it seem prudent to raise
an alarm even though only incomplete information was available.

Best regards,

Conrad T. Pino

[Prev in Thread]

Current Thread

[Next in Thread]

RE: Security Breach Alert - CVS Home File Download Area Compromised, (continued)
- RE: Security Breach Alert - CVS Home File Download Area Compromised, Conrad T. Pino, 2005/01/26
- RE: Security Breach Alert - CVS Home File Download Area Compromised, Conrad T. Pino <=

Prev by Date: Re: Suppressing cvs log output when only header information selected
Next by Date: Binary File Download Authentication
Previous by thread: RE: Security Breach Alert - CVS Home File Download Area Compromised
Next by thread: CVS-1_11_18 Client build for VMS
Index(es):
- Date
- Thread