The fix for this issue is included in the 1.6.21 and 1.7.9 versions of
Subversion.
Our advisory for this issue is public and published here:
http://subversion.apache.org/security/CVE-2013-1849-advisory.txt
On Thu, Mar 28, 2013 at 9:48 PM, Ben Reser wrote:
> Fix for this is included in the 1.6.21
Fix for this is included in the 1.6.21 and 1.7.9 tarballs up for testing.
I've checked that they aren't vulnerable to this issue. I'd
welcome others doing the same.
Source packages here:
https://dist.apache.org/repos/dist/dev/subversion/
On Tue, Mar 12, 2013 at 11:40 AM, Ben Reser wrote:
>
This has been assigned CVE-2013-1849
On Thu, Mar 7, 2013 at 12:20 PM, Ben Reser wrote:
> A couple days ago this email was posted on the full disclosure mailing list:
> http://seclists.org/fulldisclosure/2013/Mar/56
>
> The basic guts of the post is this:
> [[[
> Basically it requires >= 2 request
On Thu, Mar 7, 2013 at 1:01 PM, Philip Martin wrote:
> r1453780 doesn't cause the server to reject the HTTP request; it causes
> the server to decline certain internal operations.
Thanks for the correction.
Ben Reser writes:
> A patch has been applied to trunk (http://svn.apache.org/r1453780)
> which resolves this issue by rejecting such requests as not
> implemented.
r1453780 doesn't cause the server to reject the HTTP request; it causes
the server to decline certain internal operations.