[Monotone-devel] Subversion on Bugtraq

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-devel] Subversion on Bugtraq

From:	Colorless
Subject:	[Monotone-devel] Subversion on Bugtraq
Date:	Mon, 7 Mar 2005 17:11:52 -0800 (PST)

FWIW:

3. Problem description:

Subversion versions up to 1.0.2 are vulnerable to a date parsing
vulnerability which can be abused to allow remote code execution on
Subversion servers and therefore could lead to a repository compromise.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0397 to this issue.

Subversion versions up to and including 1.0.4 have a potential Denial of
Service and Heap Overflow issue related to the parsing of strings in the
'svn://' family of access protocols. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0413 to
this issue.

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] Subversion on Bugtraq, Colorless <=

Prev by Date: Re: [Monotone-devel] Re: Gentoo and 64 bits...
Next by Date: [Monotone-devel] 0.17 "release candidate", last call for bugs...
Previous by thread: [Monotone-devel] Executable for Windows NT and 2000
Next by thread: [Monotone-devel] 0.17 "release candidate", last call for bugs...
Index(es):
- Date
- Thread