You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@subversion.apache.org by br...@apache.org on 2013/07/24 21:29:08 UTC

svn propchange: r1503528 - svn:log

Author: breser
Revision: 1503528
Modified property: svn:log

Modified: svn:log at Wed Jul 24 19:29:08 2013
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Wed Jul 24 19:29:08 2013
@@ -5,6 +5,9 @@ that's what we have the canonicalize fun
 them.  Also we don't need to canonicalize paths produced by our own APIs
 unless we know they aren't canonical.
 
+This fixes CVE-2013-4131 see the following advisory for details:
+http://s.apache.org/CVE-2013-4131
+
 * subversion/mod_dav_svn/repos.c
   (get_parent_resource): canonicalize here and only paths from mod_dav.
   (get_parent_path): Remove custom canonicalize code.