Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <AANLkTinvVDGHTHcef-u6ofXn7xkxN-yWg+XCfNRpHxF7@mail.gmail.com>
Date: Sat, 8 Jan 2011 20:58:30 -0600
From: Hyrum K Wright <hyrum@...umwright.org>
To: Josh Bressers <bressers@...hat.com>
Cc: oss-security@...ts.openwall.com, Kurt Seifried <kurt@...fried.org>, 
	"Steven M. Christey" <coley@...us.mitre.org>, Joe Orton <jorton@...hat.com>, 
	Subversion Development <dev@...version.apache.org>
Subject: Re: CVE request for subversion

On Wed, Jan 5, 2011 at 10:09 AM, Josh Bressers <bressers@...hat.com> wrote:
>
> OK, let's split the CVE id then.
>
> So for
> A, "* prevent crash in mod_dav_svn when using SVNParentPath (r1033166)"
>  Upstream changeset:
>  http://svn.apache.org/viewvc?view=revision&revision=1033166
>
> Let's use CVE-2010-4539.
>
> For
> B, * fix server-side memory leaks triggered by 'blame -g' (r1032808)
>   References:
>   http://svn.haxx.se/dev/archive-2010-11/0102.shtml
>   Upstream changeset:
>   http://svn.apache.org/viewvc?view=revision&revision=1032808
>
> Let's use CVE-2010-4644.

Sounds great.

Should the Subversion project plan to write and publish advisories for
these CVEs, or has the requester already done so?

-Hyrum

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.