
Re: TortoiseSVN bundles vulnerable copy of Expat - please update to 2.2.3

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Sat, 5 Aug 2017 08:18:40 +0200

On 05.08.2017 00:04, Sebastian Pipping wrote:
> Hi!
>
>
> Just a quick note that Expat 2.2.3 has been released, including a fix to
> DLL hijacking (CVE-2017-11742 [1]). For more details, please check the
> change log [2].

That problem doesn't apply here:
* we link expat not as a DLL but statically
* TSVN changes the DLL search path at start, so this kind of hijacking
can't work

But thanks for the info.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest interface to (Sub)version control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=3280995
Received on 2017-08-05 08:18:49 CEST

This is an archived mail posted to the TortoiseSVN Dev mailing list.
