[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Found read-only security hole in svnserve

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2003-12-01 17:36:53 CET

On Mon, 2003-12-01 at 05:30, Greg Stein wrote:
> On Mon, Dec 01, 2003 at 02:27:11AM -0500, Greg Hudson wrote:
> > svnserve's compatibility code for old clients was allowing clients to
> > read a repository even if anon-access was set to "none". I've fixed
> > this in r7888. This probably warrants an 0.33.2 if at all possible.
> I'd say port the fix over to 0.34 and recommend an upgrade to that
> instead. If we have to make a release, then I'd say stick to just 0.34.

Okay. I guess if people don't want to immediately deal with dumping and
loading their repositories to upgrade to 0.34, they can apply a source
patch to 0.33.1.

(The number of users affected by the problem is probably miniscule

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Dec 1 17:38:20 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.