Compromise of gluck.debian.org
Posted on: 07/13/2006 10:06 AM
From the Debian mailing list:
Early this morning we discovered that someone had managed to compromise gluck.debian.org. We've taken the machine offline and are preparing to reinstall it. This means the following debian.org services are currently offline:
cvs, ddtp, lintian, people, popcon, planet, ports, release
Based on the results of our initial investigation we've locked down most other debian.org machines, limiting access to DSA only, until they can be fixed for what we suspect is the exploit used to compromise gluck.
We're still investigating exactly what happened and the extent of the damage. We'll post more info as soon as we reasonably can.