subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <danie...@apache.org>
Subject Re: [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released
Date Thu, 10 Aug 2017 19:21:46 GMT
Daniel Shahaf wrote on Thu, 10 Aug 2017 18:04 +0000:
> I'm happy to announce the release of Apache Subversion 1.9.7.
> Please choose the mirror closest to you by visiting:
> 
>     http://subversion.apache.org/download.cgi?update=201708081800#recommended-release
> 
> This is a stable security release of the Apache Subversion open source
> version control system.  It fixes one security issue:
> 
>     CVE-2017-9800:
>     Arbitrary code execution on clients through malicious svn+ssh URLs in
>     svn:externals and svn:sync-from-url
>     http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

This was a coordinated release, here are the other coordinated announcements:

  CVE-2017-12426 (GitLab)
  https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/

  CVE-2017-1000116 (Mercurial (hg))
  https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-August/102699.html

  CVE-2017-1000117 (Git)
  https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u

Mime
View raw message