Re: svnserve DoS attack (1.7.8)

From: Stefan Sperling <stsp_at_elego.de>
Date: Sun, 19 May 2013 11:18:49 +0200

On Wed, May 15, 2013 at 02:08:57PM +0400, Boris Lytochkin wrote:
> It is possible to force svnserve daemon to exit using trivial (and valid) TCP session:

Thanks for your bug report and patch, Boris.
We'll release updates soon that include a fix for this issue.

In the future, please report security problems to the security@ list.
I've just noticed that security@ is not listed on our mailing-lists.html
page. I'll try to fix that ASAP.

Our guidelines for reporting security issues are here:
http://subversion.apache.org/security/

Thanks again!
Received on 2013-05-19 11:19:28 CEST

This message: [ Message body ]
Next message: Thorsten Schöning: "Re: Subversion Doesn't Have Branches aka Crossing the Streams aka Branches as First Class Objects?"
Previous message: Branko ÄŒibej: "Re: Subversion Doesn't Have Branches aka Crossing the Streams aka Branches as First Class Objects?"
In reply to: Boris Lytochkin: "svnserve DoS attack (1.7.8)"
Next in thread: Daniel Shahaf: "Re: svnserve DoS attack (1.7.8)"
Reply: Daniel Shahaf: "Re: svnserve DoS attack (1.7.8)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]