21097 2009-08-17 17:46:08 +0400 CVE-2009-2411: subversion heap overflow 2009-08-20 14:24:23 +0400 1 1 4 Development Sisyphus subversion unstable all Linux CLOSED FIXED http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt security P3 blocker --- 1 ldv cas cas ender shrek qa-sisyphus oldest_to_newest 96667 0 ldv 2009-08-17 17:46:08 +0400 Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases. Upstream released new version to fix the problem. 96782 1 repository-robot 2009-08-19 04:25:48 +0400 subversion-1.6.4-alt1 -> sisyphus: * Tue Aug 18 2009 Dmitry V. Levin <ldv@altlinux> 1.6.4-alt1 - Updated to 1.6.4 (CVE-2009-2411; closes: #21097). 96904 2 ender 2009-08-20 14:24:23 +0400 спасибо, меня резко в командировку выгнали, только до почты добрался.