Our immediate priorities are to prevent further exposure and ensure data integrity. Â We’ve had all hands on deck working on identifying the exploit vector or vectors, eliminating them, and are now focusing on verifying data integrity and restoring the impacted services.
As a short term response, we’ve taken down the following services to prevent any possible escalation:
* CVS Hosting
* ViewVC (web based code browsing)
* New Release upload capability
* Interactive Shell services
Once the immediate response to this attack is over, we will be providing a much more detailed account of what’s happened, and what specific actions we are taking to prevent further exploits.