Re: [jira] [Updated] (SVN-4630) Unrestricted internal XML entities expansion

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Mon, 09 May 2016 22:15:10 +0000

Ivan Zhakov (JIRA) wrote on Mon, May 09, 2016 at 10:53:12 +0000:
>
> [ https://issues.apache.org/jira/browse/SVN-4630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> Ivan Zhakov updated SVN-4630:
> -----------------------------
> Component/s: (was: mod_dav_svn)
> tools
>
> Changing {{Component}} to {{tools}}, since this is mod_dontdothat
> specific problem and mod_dav_svn is not affected.

Just making sure: did you see the following remark at the end of the
report:

> > The Expat parser creation in {{subversion/libsvn_ra_serf/util.c}} and {{subversion/libsvn_subr/xml.c}} should be fixed as well, but these are in the client-side code (I think), and therefore less of a security concern.

?
Received on 2016-05-10 00:15:12 CEST

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]