Re: [jira] [Updated] (SVN-4630) Unrestricted internal XML entities expansion

From: Ivan Zhakov <ivan_at_apache.org>
Date: Tue, 10 May 2016 13:13:13 +0300

On 10 May 2016 at 01:15, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> Ivan Zhakov (JIRA) wrote on Mon, May 09, 2016 at 10:53:12 +0000:
>>
>> [ https://issues.apache.org/jira/browse/SVN-4630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>>
>> Ivan Zhakov updated SVN-4630:
>> -----------------------------
>> Component/s: (was: mod_dav_svn)
>> tools
>>
>> Changing {{Component}} to {{tools}}, since this is a mod_dontdothat-specific
>> problem and mod_dav_svn is not affected.
>
> Just making sure: did you see the following remark at the end of the
> report:
>
>> > The Expat parser creation in {{subversion/libsvn_ra_serf/util.c}} and
>> > {{subversion/libsvn_subr/xml.c}} should be fixed as well, but these are
>> > in the client-side code (I think), and therefore less of a security concern.
>
Yes, I noticed that, but forgot that JIRA allows specifying multiple
components for issues. I've added libsvn_ra_serf as a component for this
issue. Thanks for the heads-up!

-- 
Ivan Zhakov
Received on 2016-05-10 12:13:41 CEST

This is an archived mail posted to the Subversion Dev mailing list.