Debian CVS server compromised
Here’s news of a breach that (I presume) involved no PII, but which could be significant.
I wrote [link to http://www.cwalsh.org/blog/archives/000006.php no longer works] about a previous Debian breach back in December, 2003. I hadn’t realized it had been so long!
Update: Local vuln used to elevate privs. Local access gained due to weak developer password. Details here.