On December 1st, 2003, we discovered that the "Savannah" system, which is maintained by the Free Software Foundation and provides CVS and development services to the GNU project and other Free Software projects, was compromised at circa November 2nd, 2003.. . .
On December 1st, 2003, we discovered that the "Savannah" system, which is maintained by the Free Software Foundation and provides CVS and development services to the GNU project and other Free Software projects, was compromised at circa November 2nd, 2003.

The compromise seems to be of the same nature as the recent attacks on Debian project servers; the attacker seemed to operate identically. However, this incident was distinctly different from the modus operandi we found in the attacks on our FTP server in August 2003. We have also confirmed that an unauthorized party gained root access and installed a root-kit ("SucKIT") on November 2nd, 2003.

The link for this article located at FreeSoftwareFoundation is no longer available.