This issue does not affect CVS - it is CVSNT specific - but since it is
a serious issue I'm posting it here to help get word out.

During regular auditing and maintenance of our source code we have
discovered a serious security issue with CVSNT that affects CVSNT 2.0.58
and later (including all builds of 2.5.01, 2.5.02, 2.5.03 before build
3736 and 2.5.04 releases before build 2862; CVS Suite 2.5.03, CVS Suite
2008 before build 3736 (and CVS Suite 2009 pre-releases before 3729) and
has a proven exploit.

We recommend you upgrade to:
* CVSNT 2.5.05.3744, or
* CVSNT 2.5.03.3736, or
* CVSNT 2.8.01.3759

More details are available here, including the complete list of affected
versions:
http://march-hare.com/cvspro/vuln.htm

We have already notified the maintainers of the list of Common
Vulnerabilities and Exposures and they have assigned the candidate
CVE-2010-1326 to this issue.

If you are a support customer then you can download the update from the
customer area of the march-hare.com web site and discuss any problems
with the support team. Please do not contact me directly about this
issue.

Regards,


Arthur Barrett
Product Manager