[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnserve DoS attack (1.7.8)

From: Stefan Sperling <stsp_at_elego.de>
Date: Sun, 19 May 2013 11:18:49 +0200

On Wed, May 15, 2013 at 02:08:57PM +0400, Boris Lytochkin wrote:
> It is possible to force svnserve daemon to exit using trivial (and valid) TCP session:

Thanks for your bug report and patch, Boris.
We'll release updates soon that include a fix for this issue.

In the future, please report security problems to the security@ list.
I've just noticed that security@ is not listed on our mailing-lists.html
page. I'll try to fix that ASAP.

Our guidelines for reporting security issues are here:
http://subversion.apache.org/security/

Thanks again!
Received on 2013-05-19 11:19:28 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.