[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[TSVN] Re: zlib security flaw?

From: Peter McNab <mcnab_p_at_melbpc.org.au>
Date: 2005-07-07 15:49:25 CEST

Mark Phippard wrote:

>Does anyone know any details about this?
>
>http://www.eweek.com/article2/0,1759,1834632,00.asp?kc=EWRSS03119TX1K0000594
>
>The article was posted last night and is on their front page. However,
>the problem sounds exactly like the problem fixed in zlib 1.2.2. Did
>eWeek just pick up an old story or is there a new bug? I do not see a new
>version of zlib, but the article does say that the fix is not posted yet.
>
>Since new Windows binaries will soon be posted, as well as a new version
>of TortoiseSVN, we should probably clear this up so that if there is a fix
>it is included.
>
>Thanks
>
>Mark
>
>
>
It's new.
See also
http://www.uniras.gov.uk/niscc/index-en.html

If the svn source code and binaries can be trusted to not exploit, the
published buffer overflow, as one would expect to be the case then it
should not pose a problem for the distribution of compressed svn files.

However if the zlib library is also used within svn repository then
there are potential security risks for svn users.

Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Thu Jul 7 15:49:49 2005

This is an archived mail posted to the TortoiseSVN Dev mailing list.