Re: svnserve DoS attack (1.7.8)

From: Daniel Shahaf <danielsh_at_apache.org>
Date: Wed, 22 May 2013 20:49:17 +0000

On Sun, May 19, 2013 at 11:18:49AM +0200, Stefan Sperling wrote:
> On Wed, May 15, 2013 at 02:08:57PM +0400, Boris Lytochkin wrote:
> > It is possible to force svnserve daemon to exit using trivial (and valid) TCP session:
>
> Thanks for your bug report and patch, Boris.
> We'll release updates soon that include a fix for this issue.
>

For the record, the fix will be included in 1.6.22, 1.7.9, 1.8.0-rc3, 1.8.0.

> Our guidelines for reporting security issues are here:
> http://subversion.apache.org/security/

This issue has been assigned the identifier CVE-2013-2112. It will be added to
the public list in due course.
Received on 2013-05-22 22:49:24 CEST

This message: [ Message body ]
Next message: Varnau, Steve (Seaquest R&D): "Tags - Symbolic names instead of Directory copy?"
Previous message: C. Michael Pilato: "Re: Subversion Doesn't Have Branches aka Crossing the Streams aka Branches as First Class Objects?"
In reply to: Stefan Sperling: "Re: svnserve DoS attack (1.7.8)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]