[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released

From: Daniel Shahaf <danielsh_at_apache.org>
Date: Thu, 10 Aug 2017 19:21:46 +0000

Daniel Shahaf wrote on Thu, 10 Aug 2017 18:04 +0000:
> I'm happy to announce the release of Apache Subversion 1.9.7.
> Please choose the mirror closest to you by visiting:
> http://subversion.apache.org/download.cgi?update=201708081800#recommended-release
> This is a stable security release of the Apache Subversion open source
> version control system. It fixes one security issue:
> CVE-2017-9800:
> Arbitrary code execution on clients through malicious svn+ssh URLs in
> svn:externals and svn:sync-from-url
> http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

This was a coordinated release, here are the other coordinated announcements:

  CVE-2017-12426 (GitLab)

  CVE-2017-1000116 (Mercurial (hg))

  CVE-2017-1000117 (Git)
Received on 2017-08-10 21:28:45 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.