You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by br...@apache.org on 2013/07/24 21:29:08 UTC
svn propchange: r1503528 - svn:log
Author: breser
Revision: 1503528
Modified property: svn:log
Modified: svn:log at Wed Jul 24 19:29:08 2013
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Wed Jul 24 19:29:08 2013
@@ -5,6 +5,9 @@ that's what we have the canonicalize fun
them. Also we don't need to canonicalize paths produced by our own APIs
unless we know they aren't canonical.
+This fixes CVE-2013-4131 see the following advisory for details:
+http://s.apache.org/CVE-2013-4131
+
* subversion/mod_dav_svn/repos.c
(get_parent_resource): canonicalize here and only paths from mod_dav.
(get_parent_path): Remove custom canonicalize code.