Re: [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released

From: Daniel Shahaf <danielsh_at_apache.org>
Date: Thu, 10 Aug 2017 19:21:46 +0000

Daniel Shahaf wrote on Thu, 10 Aug 2017 18:04 +0000:
> I'm happy to announce the release of Apache Subversion 1.9.7.
> Please choose the mirror closest to you by visiting:
>
> http://subversion.apache.org/download.cgi?update=201708081800#recommended-release
>
> This is a stable security release of the Apache Subversion open source
> version control system. It fixes one security issue:
>
> CVE-2017-9800:
> Arbitrary code execution on clients through malicious svn+ssh URLs in
> svn:externals and svn:sync-from-url
> http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

This was a coordinated release, here are the other coordinated announcements:

CVE-2017-12426 (GitLab)
https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/

CVE-2017-1000116 (Mercurial (hg))
https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-August/102699.html

CVE-2017-1000117 (Git)
https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
Received on 2017-08-10 21:28:48 CEST

This message: [ Message body ]
Next message: Philip Martin: "Re: errorcode.inc in tarballs"
Previous message: Daniel Shahaf: "release.py write-downloads (was: svn commit: r1804705 - /subversion/site/publish/download.html)"
In reply to: Daniel Shahaf: "[SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]