[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: TortoiseSVN bundles vulnerable copy of Expat - please update to 2.2.3

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Sat, 5 Aug 2017 08:18:40 +0200

On 05.08.2017 00:04, Sebastian Pipping wrote:
> Hi!
>
>
> Just a quick note that Expat 2.2.3 has been released, including a fix to
> DLL hijacking (CVE-2017-11742 [1]). For more details, please check the
> change log [2].

that problem doesn't apply here:
* we link expat not as a dll but link statically
* TSVN changes the dll search path at start so these kind of hijackings
can't work

but thanks for the info.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest interface to (Sub)version control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=3280995
To unsubscribe from this discussion, e-mail: [dev-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2017-08-05 08:18:49 CEST

This is an archived mail posted to the TortoiseSVN Dev mailing list.