On Sun, May 19, 2013 at 11:18:49AM +0200, Stefan Sperling wrote: > On Wed, May 15, 2013 at 02:08:57PM +0400, Boris Lytochkin wrote: > > It is possible to force svnserve daemon to exit using trivial (and valid) > > TCP session: > > Thanks for your bug report and patch, Boris. > We'll release updates soon that include a fix for this issue. >
For the record, the fix will be included in 1.6.22, 1.7.9, 1.8.0-rc3, 1.8.0. > Our guidelines for reporting security issues are here: > http://subversion.apache.org/security/ This issue has been assigned the identifier CVE-2013-2112. It will be added to the public list in due course.
