Welcome to weblogs.com.pk Sign in | Join | Help

SubVersion v1.0.3

In case you are using SubVersion as your version control server, you should upgrade to v1.0.3 that fixes the buffer overflow bug. The bug can be exploited for denial of service attacks and arbitrary code execution. Here is another important piece of information that I am reproducing from the mail I received!


There was a similar vulnerability in the Neon HTTP library up to and including version 0.24.5.  Because Subversion ships with Neon, we have included (in Subversion 1.0.3) Neon 0.24.6, which is being released simultaneously.  Subversion does not actually invoke the vulnerable code in Neon; we are updating our copy of Neon simply as a reassuring gesture, so people don't worry.  See CAN-2004-0398 for details


SubVersion is very nice version control system that can be reached over multiple protocols, raw TCP/IP and WebDAV providers are bundled. I posted earlier about how to configure the SubVersion on Windows using Apache.

Published Wednesday, May 19, 2004 4:08 PM by khurram


No Comments

New Comments to this post are disabled