* Bas van Schaik: > I've just downloaded the WebSVN 2.1 tarball and it is not vulnerable for > this issue. Therefore, reporting to upstream doesn't make any sense... > > However, WebSVN 2.0 will appear in Lenny. I think the fix should be > backported to 2.0 or Lenny should contain WebSVN 2.1.
Probably, yes, although the severity is somewhat debatable. etch is not affected because that WebSVN version does not implement authentication. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
