[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [oss-security] CVE request for subversion

From: Hyrum K Wright <hyrum_at_hyrumwright.org>
Date: Sat, 8 Jan 2011 20:58:30 -0600

On Wed, Jan 5, 2011 at 10:09 AM, Josh Bressers <bressers_at_redhat.com> wrote:
>
> OK, let's split the CVE id then.
>
> So for
> A, "* prevent crash in mod_dav_svn when using SVNParentPath (r1033166)"
> Upstream changeset:
> http://svn.apache.org/viewvc?view=revision&revision=1033166
>
> Let's use CVE-2010-4539.
>
> For
> B, * fix server-side memory leaks triggered by 'blame -g' (r1032808)
> References:
> http://svn.haxx.se/dev/archive-2010-11/0102.shtml
> Upstream changeset:
> http://svn.apache.org/viewvc?view=revision&revision=1032808
>
> Let's use CVE-2010-4644.

Sounds great.

Should the Subversion project plan to write and publish advisories for
these CVEs, or has the requester already done so?

-Hyrum
Received on 2011-01-09 03:59:11 CET

This message: [ Message body ]
Next message: Blair Zajac: "Re: [PATCH] fsfs: flush proto rev files (issue #3705)"
Previous message: Hyrum K Wright: "Re: [PATCH in progress] Ref-counting for pristine texts"
In reply to: Josh Bressers: "Re: [oss-security] CVE request for subversion"
Next in thread: Kurt Seifried: "Re: [oss-security] CVE request for subversion"
Reply: Kurt Seifried: "Re: [oss-security] CVE request for subversion"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.