Hyrum K. Wright wrote:
> Ismail Dönmez wrote:
>
>> Thursday 27 December 2007 22:48:03 tarihinde Branko Čibej şunları yazmıştı:
>>
>>> Ismail Dönmez wrote:
>>>
>>>> Wednesday 26 December 2007 03:02:48 tarihinde Branko Čibej şunları
>>>>
>> yazmıştı:
>>
>>>>> Hmm, I almost prefer adding a custom case-fold-compare to svn_string.
>>>>> I've got this feeling this is taking too much for granted (apart from
>>>>> falling over on edge cases, which I'm not that worried about).
>>>>>
>>>> Something like the attached patch maybe? Provided that function name is
>>>> not that good but that can be fixed later.
>>>>
>>> I was thinking about something more along the lines of r28658. It turns
>>> out we're vulnerable to the dotless-ı in other interesting places that
>>> weren't affected by your tests.
>>>
>> r28658 fixes svn log -rCOMMITTED testcase for me, for 1.4.x I'll go with my
>> patch. Thanks for fixing this.
>>
>
> Should r28658 (and friends) be nominated for 1.4.x?
>
Done. Note that this doesn't cover a similar vulnerability in the SWIG
bindings.
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Dec 27 22:48:55 2007