[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnserve DoS attack (1.7.8)

From: Daniel Shahaf <danielsh_at_apache.org>
Date: Wed, 22 May 2013 20:49:17 +0000

On Sun, May 19, 2013 at 11:18:49AM +0200, Stefan Sperling wrote:
> On Wed, May 15, 2013 at 02:08:57PM +0400, Boris Lytochkin wrote:
> > It is possible to force svnserve daemon to exit using trivial (and valid) TCP session:
> Thanks for your bug report and patch, Boris.
> We'll release updates soon that include a fix for this issue.

For the record, the fix will be included in 1.6.22, 1.7.9, 1.8.0-rc3, 1.8.0.

> Our guidelines for reporting security issues are here:
> http://subversion.apache.org/security/

This issue has been assigned the identifier CVE-2013-2112. It will be added to
the public list in due course.
Received on 2013-05-22 22:49:24 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.