[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [oss-security] CVE request for subversion

From: Hyrum K Wright <hyrum_at_hyrumwright.org>
Date: Sat, 8 Jan 2011 20:58:30 -0600

On Wed, Jan 5, 2011 at 10:09 AM, Josh Bressers <bressers_at_redhat.com> wrote:
>
> OK, let's split the CVE id then.
>
> So for
> A, "* prevent crash in mod_dav_svn when using SVNParentPath (r1033166)"
>  Upstream changeset:
>  http://svn.apache.org/viewvc?view=revision&revision=1033166
>
> Let's use CVE-2010-4539.
>
> For
> B, * fix server-side memory leaks triggered by 'blame -g' (r1032808)
>   References:
>   http://svn.haxx.se/dev/archive-2010-11/0102.shtml
>   Upstream changeset:
>   http://svn.apache.org/viewvc?view=revision&revision=1032808
>
> Let's use CVE-2010-4644.

Sounds great.

Should the Subversion project plan to write and publish advisories for
these CVEs, or has the requester already done so?

-Hyrum
Received on 2011-01-09 03:59:11 CET

This is an archived mail posted to the Subversion Dev mailing list.