You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by "C. Michael Pilato" <cm...@collab.net> on 2007/05/22 13:03:09 UTC
Re: svn commit: r25095 - in trunk/subversion: include libsvn_repos
tests/cmdline
Malcolm Rowe wrote:
> [Something that wasn't at all clear from this log message is that this patch
> actually fixes CVE-2007-2448. Might have been clearer with two separate
> patches :-)
Yeah, sorry about that.
> Actually, since I'm having a little trouble working out exactly what
> the security problem is here, could you add a description to
> www/security/ ? We don't necessarily need to publish it far and wide if
> we don't think it's a significant problem, but I think we should at
> least have a description we can point people to.]
Sure thing!
[commit review snipped -- I agree with all your comments, and will commit
fixes for them later today]
--
C. Michael Pilato <cm...@collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Re: svn commit: r25095 - in trunk/subversion: include libsvn_repos
tests/cmdline
Posted by Malcolm Rowe <ma...@farside.org.uk>.
On Tue, May 22, 2007 at 09:03:09AM -0400, C. Michael Pilato wrote:
> > Actually, since I'm having a little trouble working out exactly what
> > the security problem is here, could you add a description to
> > www/security/ ? We don't necessarily need to publish it far and wide if
> > we don't think it's a significant problem, but I think we should at
> > least have a description we can point people to.]
>
> Sure thing!
>
Thanks! So, should we backport this into (what will become) 1.4.5, and
forget about the current 1.4.4 tarball?
Regards,
Malcolm