[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released

From: Daniel Shahaf <danielsh_at_apache.org>
Date: Thu, 10 Aug 2017 19:21:46 +0000

Daniel Shahaf wrote on Thu, 10 Aug 2017 18:04 +0000:
> I'm happy to announce the release of Apache Subversion 1.9.7.
> Please choose the mirror closest to you by visiting:
>
> http://subversion.apache.org/download.cgi?update=201708081800#recommended-release
>
> This is a stable security release of the Apache Subversion open source
> version control system. It fixes one security issue:
>
> CVE-2017-9800:
> Arbitrary code execution on clients through malicious svn+ssh URLs in
> svn:externals and svn:sync-from-url
> http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

This was a coordinated release, here are the other coordinated announcements:

  CVE-2017-12426 (GitLab)
  https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/

  CVE-2017-1000116 (Mercurial (hg))
  https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-August/102699.html

  CVE-2017-1000117 (Git)
  https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
Received on 2017-08-10 21:28:48 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.