oss-sec mailing list archives
Re: CVE request for subversion
From: Hyrum K Wright <hyrum () hyrumwright org>
Date: Sat, 8 Jan 2011 20:58:30 -0600
On Wed, Jan 5, 2011 at 10:09 AM, Josh Bressers <bressers () redhat com> wrote:
OK, let's split the CVE id then. So for A, "* prevent crash in mod_dav_svn when using SVNParentPath (r1033166)" Upstream changeset: http://svn.apache.org/viewvc?view=revision&revision=1033166 Let's use CVE-2010-4539. For B, * fix server-side memory leaks triggered by 'blame -g' (r1032808) References: http://svn.haxx.se/dev/archive-2010-11/0102.shtml Upstream changeset: http://svn.apache.org/viewvc?view=revision&revision=1032808 Let's use CVE-2010-4644.
Sounds great. Should the Subversion project plan to write and publish advisories for these CVEs, or has the requester already done so? -Hyrum
Current thread:
- CVE request for subversion Kurt Seifried (Jan 02)
- Re: CVE request for subversion Josh Bressers (Jan 03)
- Re: CVE request for subversion Jan Lieskovsky (Jan 04)
- Re: CVE request for subversion Hyrum Wright (Jan 04)
- Re: CVE request for subversion Josh Bressers (Jan 05)
- Re: CVE request for subversion Hyrum K Wright (Jan 08)
- Re: CVE request for subversion Kurt Seifried (Jan 08)
- Re: CVE request for subversion Jan Lieskovsky (Jan 04)
- Re: CVE request for subversion Josh Bressers (Jan 03)