OpenSSH released a fix for a memory corruption with AES-GCM ciphers in OpenSSH
6.2 and 6.3.
Their advisory is here:
http://www.openssh.com/txt/gcmrekey.adv
If you're using Subversion in a svn+ssh:// configuration that restrictions on
the command being run using the command field in the authorized
On 11/7/13 9:46 PM, Ben Reser wrote:
> I believe some binary packages have included these patches already. But I'm
> not sure which ones have and have not. Hopefully those vendors can respond
> here to note that. Note that the patches are against httpd and not SVN so if
> the binary package you'
On 11/7/13 9:55 PM, Ben Reser wrote:
> Putting my own corporate hat on for a moment here. WANdisco binaries that
> come
> with httpd should be patched as well. I need to ask the individual that
> builds
> them to verify for sure. If you find that they are not let me know and I'll
> see that th
Hello to all, This is Baris, I am totally new, so please help me... I wonder if
I could just deny update right to all after writing a record into subversion...
I mean; a user will have a right to write into it but after writing done, can I
deny the update right? or something like this... Kind re
"Matthews, David" writes:
> Thanks for your response (although it doesn't seem to have made it
> to the archive yet - perhaps because I used google groups?).
Yes, my reply went to google groups and was bounced because I'm not
subscribed to the google group.
> It's good to know that the problem
> -Original Message-
> From: Philip Martin [mailto:philip.mar...@wandisco.com]
> Sent: 08 November 2013 10:19
> To: Matthews, David
> Cc: subversion_us...@googlegroups.com
> Subject: Re: svnadmin hotcopy losing revprops
>
> dpm writes:
>
> > I'm using svn 1.8.4 on RHEL 6.3 (we're in the
On 8 November 2013 09:46, Ben Reser wrote:
> The current releases of httpd (at the time of writing this email) have two
> issues when used with Subversion. At this point httpd doesn't release very
> often leaving some users with an unfortunate choice to leave their httpd
> unpatched from some sec
Hello,
I've just replied to the related thread and noticed this one.
VisualSVN Server has the patch applied since 2.6.5 version:
http://www.visualsvn.com/server/changes/#v2.6.5
On Fri, Nov 8, 2013 at 9:46 AM, Ben Reser wrote:
> The current releases of httpd (at the time of writing this email) ha
Hello,
> > I'd suggest going with a binary produced by one of the
> > vendors. I think several have already patched. Mark
> > mentioned that Collab.Net's packages are patched.
>
> I've downloaded those, too, but the installation hasn't "taken" yet. I'll
> have to edit the httpd.conf a bit mor
