From dev-return-38985-archive-asf-public=cust-asf.ponee.io@subversion.apache.org Thu Jan 24 22:42:16 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 1DFAB18062C for ; Thu, 24 Jan 2019 22:42:15 +0100 (CET) Received: (qmail 68940 invoked by uid 500); 24 Jan 2019 21:42:15 -0000 Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@subversion.apache.org Received: (qmail 68930 invoked by uid 99); 24 Jan 2019 21:42:14 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Jan 2019 21:42:14 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id F0CA2C0333 for ; Thu, 24 Jan 2019 21:42:13 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.202 X-Spam-Level: X-Spam-Status: No, score=-0.202 tagged_above=-999 required=6.31 tests=[DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 1ppd7aojnAsu for ; Thu, 24 Jan 2019 21:42:12 +0000 (UTC) Received: from mail-yw1-f41.google.com (mail-yw1-f41.google.com [209.85.161.41]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id BC8435FB0A for ; Thu, 24 Jan 2019 21:42:12 +0000 (UTC) Received: by mail-yw1-f41.google.com with SMTP id h32so3084598ywk.2 for ; Thu, 24 Jan 2019 13:42:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=S3Yd4IwIxVaFbTar9talbBBWToeOlntN8ebJjelKLSI=; b=ofhW75xb44TPyk0+i+goRyuT1kIfp1Em5HSb1ODrBNkcpoxcuXtki0471jvScW6dsv +LASdWrIHdbx9VSMytCGIba9P3TupTbyn2Y8aH4bPEByswfrKe0atk7Po2e6SXHnmLo8 ZDq2tlMRrxeIOOzsxOVC+tIOJHBqhz3mFD/GT22yi1VEXN3x5VBSI5f+l3Trcx1mThJw RoZN8+aDxKiUznwQMrPL1PVB7mowSBhgKTlasMWMVmLoAlbxK6gOQXSbcJly4Sr9Hd9E D/cOvrWICTc1m9kQIHTuGVmVkOS7+bNFgPKVFS+HX+3Owx6hl2nZam3YayToWlguX4ZL evxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=S3Yd4IwIxVaFbTar9talbBBWToeOlntN8ebJjelKLSI=; b=JvtVOWDU9Hjr66AxaLrqEh0eKD5SPCQwewappZdjlehqg5zMFqaGBE972IDoUnfwO1 Su05YFdGBsPYv/MOTjY35VLs2V9ZBFNABCw5sJ7gu594aP09fABBVbAMqc/UG0jdED1I iUw4+v5KvWXf2H2h8FdevZqqoMSPADFhAsr7yK8CBfgzJ46FRc80+8OdqO4ob365r1qh /3H3AegKIxsAkVGQTy7a0PvTeJ/ij3N1ADj3Gh1h0I0Aswhk1JF1Op57ky/1cxK4feR3 WWu3f0xeiCM6/rsg64Ea3drMWW+lWgDdjX1SRhUGycGrIQnIMlHRMAD2KwDAvTB5HNLP 9QCg== X-Gm-Message-State: AJcUukfrf6FcMJ/1eZeN4TO+KRgxHPQtztWGjUDlujBod11U6PC3XkFg 74kTWC+uufUuWoW6hoQcuQp1m3IiQYWeele+cyE= X-Google-Smtp-Source: ALg8bN6hjf8HbGd6Y0RRVdo1eCyqf+IDZh3MAuBJbPEVc02EOZL0xj7n98eFrjFGZCRk99TJMELaWVXZVSOPjztGFyA= X-Received: by 2002:a81:1a52:: with SMTP id a79mr8601207ywa.467.1548366125976; Thu, 24 Jan 2019 13:42:05 -0800 (PST) MIME-Version: 1.0 References: <60d59530-6950-35c5-d118-69e5549b7bf1@apache.org> <1548271900.2027258.1641978776.64BB95FB@webmail.messagingengine.com> <20190123223304.GY23718@ted.stsp.name> <1548357427.3410251.1642817032.0BB4EAC5@webmail.messagingengine.com> In-Reply-To: <1548357427.3410251.1642817032.0BB4EAC5@webmail.messagingengine.com> From: Troy Curtis Jr Date: Thu, 24 Jan 2019 16:41:54 -0500 Message-ID: Subject: Re: [CVE-2018-11803] Apache Subversion Denial of Service Vulnerability To: Julian Foad Cc: Subversion Development Content-Type: text/plain; charset="UTF-8" On Thu, Jan 24, 2019 at 2:17 PM Julian Foad wrote: > > Thanks, Troy. > > I have noted this CVE fix in the CHANGES file in r1852014 and pushed it to 1.10 and 1.11 branches so people looking there can find it. > Thanks Julian! That was on my TODO list, but didn't get to it last night. I also wasn't sure about the whole modifying the release branches, etc. So this is perfect! Troy > -- > - Julian