You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Carl Karsten <ca...@personnelware.com> on 2004/09/18 21:25:27 UTC

security issue in 1.1

Where is the proper place/person to alert if I have found an exploit?

Carl K

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: security issue in 1.1

Posted by David James <st...@gmail.com>.

I'd suggest sending it directly to one of the core maintainers. Try
sending it to the following people:
- Karl Fogel <kf...@tigris.org>
- Greg Stein <gs...@tigris.org>
- Ben Collins-Sussman <su...@red-bean.com>
- C. Michael Pilato <cm...@collab.net>

Cheers,

David

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

dumb me was : security issue in 1.1

Posted by Carl Karsten <ca...@personnelware.com>.

Never mind.  It is documented:

anon-access = read  The example settings are, in fact, the default values of the
variables, should you forget to define them.

I was thiking if I changed anon-access to auth-access it should 'drop' the anon
access, but it just goes to it's default, which is read.

Carl K


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: security issue in 1.1

Posted by Carl Karsten <ca...@personnelware.com>.

> > Where is the proper place/person to alert if I have found an exploit?
>
> See the "Security" link in the sidebar on http://subversion.tigris.org
>

Very good.  Thank you.

"... the address has been encoded..." It is only a matter of time...  I am
surprised it isn't an image.

Carl K


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

RE: security issue in 1.1

Posted by Arild Fines <ar...@broadpark.no>.

Carl Karsten wrote:
> Where is the proper place/person to alert if I have found an exploit?

See the "Security" link in the sidebar on http://subversion.tigris.org

-- 
Arild

AnkhSVN: http://ankhsvn.tigris.org
Blog: http://ankhsvn.com/blog
IRC: irc://irc.freenode.net/ankhsvn

"Weaseling out of things is good. It's what separates us from the other
animals....except weasels." -- Homer Simpson 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org