Author: danielsh
Date: Thu Aug 10 18:04:00 2017
New Revision: 1804690

URL: http://svn.apache.org/viewvc?rev=1804690&view=rev
Log:
Release Subversion 1.9.7 with a fix for CVE-2017-9800.

Added:
    subversion/site/publish/security/CVE-2017-9800-advisory.txt
    subversion/site/publish/security/CVE-2017-9800-advisory.txt.asc
Modified:
    subversion/site/publish/doap.rdf
    subversion/site/publish/docs/release-notes/release-history.html
    subversion/site/publish/index.html
    subversion/site/publish/news.html
    subversion/site/publish/security/index.html
    subversion/site/publish/site-nav.html

Modified: subversion/site/publish/doap.rdf
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/doap.rdf?rev=1804690&r1=1804689&r2=1804690&view=diff
==============================================================================
--- subversion/site/publish/doap.rdf (original)
+++ subversion/site/publish/doap.rdf Thu Aug 10 18:04:00 2017
@@ -37,8 +37,8 @@
     <release>
       <Version>
         <name>Recommended current 1.9 release</name>
-        <created>2017-07-06</created>
-        <revision>1.9.6</revision>
+        <created>2017-08-10</created>
+        <revision>1.9.7</revision>
       </Version>
     </release>
     <release>

Modified: subversion/site/publish/docs/release-notes/release-history.html
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/release-history.html?rev=1804690&r1=1804689&r2=1804690&view=diff
==============================================================================
--- subversion/site/publish/docs/release-notes/release-history.html (original)
+++ subversion/site/publish/docs/release-notes/release-history.html Thu Aug 10 
18:04:00 2017
@@ -31,6 +31,9 @@ Subversion 2.0.</p>
 
 <ul>
   <li>
+    <b>Subversion 1.9.7</b> (Thursday, 10 August 2017): Security release.
+  </li>
+  <li>
     <b>Subversion 1.8.18</b> (Friday, 07 July 2017): Bugfix release.
   </li>
   <li>

Modified: subversion/site/publish/index.html
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/index.html?rev=1804690&r1=1804689&r2=1804690&view=diff
==============================================================================
--- subversion/site/publish/index.html (original)
+++ subversion/site/publish/index.html Thu Aug 10 18:04:00 2017
@@ -64,6 +64,26 @@
 
 <!-- In general, we'll keep only the most recent 3 or 4 news items here. -->
 
+<div class="h3" id="news-20170810-1"> 
+<h3>2017-08-09 &mdash; Apache Subversion 1.9.7 Released
+ <a class="sectionlink" href="#news-20170810-1"
+ title="Link to this section">&para;</a> 
+</h3> 
+ 
+<p>We are pleased to announce the release of Apache Subversion 1.9.7.
+ This is the most complete Subversion release to date, and we encourage
+ users of Subversion to upgrade as soon as reasonable.
+ Please see the
+ <a 
href="https://mail-archives.apache.org/mod_mbox/subversion-announce/201708.mbox/%3C2fefe468-7d41-11e7-aea1-9312c6089150%40apache.org%3E";
+ >release announcement</a> and the
+ <a href="http://svn.apache.org/repos/asf/subversion/tags/1.9.7/CHANGES";
+ >change log</a> for more information about this release.</p> 
+ 
+<p>To get this release from the nearest mirror, please visit our
+ <a href="/download.cgi?update=201708081800#recommended-release">download 
page</a>.</p> 
+ 
+</div> <!-- #news-20170810-1 --> 
+
 <div class="h3" id="news-20170726">
 <h3>2017-07-26 &mdash; Apache Subversion 1.10.0-alpha3 Released
  <a class="sectionlink" href="#news-20170726"
@@ -106,33 +126,6 @@
  
 </div> <!-- #news-20170707 --> 
 
-<div class="h3" id="news-20170706"> 
-<h3>2017-07-06 &mdash; Apache Subversion 1.9.6 Released
- <a class="sectionlink" href="#news-20170706"
- title="Link to this section">&para;</a> 
-</h3> 
- 
-<p>We are pleased to announce the release of Apache Subversion 1.9.6.
- This is the most complete Subversion release to date, and we encourage
- users of Subversion to upgrade as soon as reasonable. Please see the
- <a 
href="https://mail-archives.apache.org/mod_mbox/subversion-announce/201707.mbox/%3C20170706103910.s2fibubji2orhfcs%40tarpaulin.shahaf.local2%3E";
- >release announcement</a> and the
- <a href="http://svn.apache.org/repos/asf/subversion/tags/1.9.6/CHANGES";
- >change log</a> for more information about this release.</p> 
- 
-<p>This release fixes a bug where a repository would fail to store two files 
having
- <a href="http://shattered.io/";>identical SHA-1 checksums</a>.
- Further information is available
- <a href="/docs/release-notes/1.9#shattered-sha1"
- >in the 1.9.x series release notes</a> 
- and in a
- <a href="/faq#shattered-sha1">new FAQ entry</a>.</p>
-
-<p>To get this release from the nearest mirror, please visit our
- <a href="/download.cgi#recommended-release">download page</a>.</p> 
- 
-</div> <!-- #news-20170706 --> 
-
 <p style="font-style: italic; text-align:
    right;">[Click <a href="/news.html">here</a> to see all News
    items.]</p>

Modified: subversion/site/publish/news.html
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/news.html?rev=1804690&r1=1804689&r2=1804690&view=diff
==============================================================================
--- subversion/site/publish/news.html (original)
+++ subversion/site/publish/news.html Thu Aug 10 18:04:00 2017
@@ -22,6 +22,26 @@
 <!-- Maybe we could insert H2's to split up the news items by  -->
 <!-- calendar year if we felt the need to do so.               -->
 
+<div class="h3" id="news-20170810-1"> 
+<h3>2017-08-09 &mdash; Apache Subversion 1.9.7 Released
+ <a class="sectionlink" href="#news-20170810-1"
+ title="Link to this section">&para;</a> 
+</h3> 
+ 
+<p>We are pleased to announce the release of Apache Subversion 1.9.7.
+ This is the most complete Subversion release to date, and we encourage
+ users of Subversion to upgrade as soon as reasonable.
+ Please see the
+ <a 
href="https://mail-archives.apache.org/mod_mbox/subversion-announce/201708.mbox/%3C2fefe468-7d41-11e7-aea1-9312c6089150%40apache.org%3E";
+ >release announcement</a> and the
+ <a href="http://svn.apache.org/repos/asf/subversion/tags/1.9.7/CHANGES";
+ >change log</a> for more information about this release.</p> 
+ 
+<p>To get this release from the nearest mirror, please visit our
+ <a href="/download.cgi?update=201708081800#recommended-release">download 
page</a>.</p> 
+ 
+</div> <!-- #news-20170810-1 --> 
+
 <div class="h3" id="news-20170726">
 <h3>2017-07-26 &mdash; Apache Subversion 1.10.0-alpha3 Released
  <a class="sectionlink" href="#news-20170726"

Added: subversion/site/publish/security/CVE-2017-9800-advisory.txt
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/security/CVE-2017-9800-advisory.txt?rev=1804690&view=auto
==============================================================================
--- subversion/site/publish/security/CVE-2017-9800-advisory.txt (added)
+++ subversion/site/publish/security/CVE-2017-9800-advisory.txt Thu Aug 10 
18:04:00 2017
@@ -0,0 +1,379 @@
+  Arbitrary code execution on clients through malicious svn+ssh URLs in
+  svn:externals and svn:sync-from-url
+
+Summary:
+========
+
+  A Subversion client sometimes connects to URLs provided by the repository.
+  This happens in two primary cases: during 'checkout', 'export', 'update', and
+  'switch', when the tree being downloaded contains svn:externals properties;
+  and when using 'svnsync sync' with one URL argument.
+
+  A maliciously constructed svn+ssh:// URL would cause Subversion clients to
+  run an arbitrary shell command.  Such a URL could be generated by a malicious
+  server, by a malicious user committing to a honest server (to attack another
+  user of that server's repositories), or by a proxy server.
+
+  The vulnerability affects all clients, including those that use file://,
+  http://, and plain (untunneled) svn://.
+
+  An exploit has been tested.
+
+Known vulnerable:
+=================
+
+  Subversion clients 1.0.0 through 1.8.18 (inclusive)
+  Subversion clients 1.9.0 through 1.9.6 (inclusive)
+  Subversion client 1.10.0-alpha3
+
+  Subversion 1.10.0-alpha1 and 1.10.0-alpha2 are vulnerable,
+  however, were never publicly released.
+
+Known fixed:
+============
+
+  Subversion 1.8.19
+  Subversion 1.9.7
+
+  Patches are available for 1.9, 1.8, 1.6.  The patch for 1.9 applies
+  to 1.10.0-alpha3 with an offset.  The patch for 1.8 applies to 1.7
+  with an offset.
+
+  Clients that do not have access to an ssh client, and have no custom tunnels
+  configured in their runtime configuration area [1], are not vulnerable.
+
+  Clients using Subversion's own runtime module loading for Repository Access
+  (RA) modules are not vulnerable if the 'libsvn_ra_svn' module, which provides
+  support for the svn+ssh:// and svn:// protocols is removed.
+
+  [1] 
http://svnbook.red-bean.com/en/1.7/svn.advanced.confarea.html#svn.advanced.confarea.layout
+      This link describes Subversion 1.7, but the description is correct for
+      all other versions as well.
+
+Details:
+========
+
+  (see "Summary:" above)
+
+Severity:
+=========
+
+  CVSSv3 Base Score: 9.9 (Critical)
+  CVSSv3 Base Vector: 
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
+
+  A successful exploit will run an arbitrary shell command with the privileges
+  of the Subversion client.
+
+Recommendations:
+================
+
+  Several alternative ways to fix the issue are available.  Any one of #1, #2,
+  #3, and #4 fixes the issue completely.  There is no need to implement more
+  than one of these four options.
+
+  1. We recommend all users to upgrade to Subversion 1.9.7 or 1.8.19.  New
+  Subversion source and binary packages can be found at:
+    https://subversion.apache.org/download
+    https://subversion.apache.org/packages
+
+  2. Users of Subversion 1.8.x and 1.9.x who are unable to upgrade may apply
+  the included patch.
+
+  3. Clients that are not able to execute the 'ssh' command are not vulnerable.
+  Note, however, that the name of the command may be changed by setting the
+  $SVN_SSH environment variable or by setting a value for the 'ssh' key
+  in the "[tunnels]" section of the file "config" in the runtime configuration
+  area [1].  Moreover, the "[tunnels]" section may define additional tunnels;
+  those may be vulnerable if they do not perform input validation on their
+  first argument, which contains the hostname to connect to.
+
+  By default, only the "ssh" tunnel is available.  It is available even if it
+  is commented out in the file "config".  The default definition of the "ssh"
+  tunnel is equivalent to:
+      ssh = $SVN_SSH ssh -q
+  If that line is not commented out and not set to the default, audit that line
+  as explained below for additional/custom tunnels.  If that line is commented
+  out or set to the default, two different fixes are available: either
+  uncomment that line and change the setting to
+      ssh = $SVN_SSH ssh -q --
+  or set the environment variable "SVN_SSH" to the value "ssh -q --".
+
+  Custom tunnels are invoked with three arguments: the hostname to connect to,
+  the string "svnserve" and the string "-t".  It is recommended that custom
+  tunnel definitions be audited for correct handling of unusual or invalid
+  host values; the Subversion libraries perform some basic validation,
+  but cannot guarantee correct quoting/escaping of the parameters to
+  arbitrary third-party tunnel commands.
+
+  4. Clients built to use Subversion's own runtime mechanism for loading
+  modules can remove the libsvn_ra_svn shared module and thus remove the
+  threat.  The svn:// and svn+ssh:// protocols will no longer be available.
+  This does not apply to clients built to use the normal compile-time linking
+  of shared libraries: those clients will fail to start if the libsvn_ra_svn
+  shared module is removed.  Subversion's own runtime loading mechanism is
+  enabled at build-time by using --enable-runtime-module-search.
+
+  5. Users of 'svnsync sync' should use the two-URL-arguments form of the
+  command.  The current remote URL may be found by either of these two 
commands:
+      svnsync info -- $DEST_URL
+      svn proplist --verbose --revision=0 -- $DEST_URL
+  where $DEST_URL is the (first, or only) URL argument to 'svnsync sync'.
+  Then, change the svnsync invocation to always pass that URL as an additional
+  argument: change
+    svnsync sync URL/to/sync
+  to
+    svnsync sync URL/to/sync URL/to/source
+  NOTE: This recommendation applies only to 'svnsync sync' and does not fix
+  the 'checkout' / 'update' part of the issue.
+
+  6. Server administrators may wish to install a 'pre-commit' hook that
+  rejects commits that add invalid svn+*:// URLs, in order to protect their
+  users from other (malicious) users committing such URLs.
+
+  7. API consumers that implement a 'svn_ra_open_tunnel_func_t 
open_tunnel_func'
+  callback should audit it for issues similar to this one.
+
+  8. Subversion 1.7 and 1.6 are officially no longer supported.  The
+  patch for 1.8 will apply to 1.7 and a patch for 1.6 is available,
+  the patch for 1.6 could be adapted to even older versions.  Since
+  1.7 and 1.6 are no longer supported there will be no official
+  releases of those branches for this vulnerablity.
+
+  [1] 
http://svnbook.red-bean.com/en/1.7/svn.advanced.confarea.html#svn.advanced.confarea.layout
+      This link describes Subversion 1.7, but the description is correct for
+      all other versions as well.
+
+References:
+===========
+
+  CVE-2017-9800 (Subversion)
+  CVE-2017-12426 (GitLab)
+  CVE-2017-1000116 (Mercurial (hg))
+  CVE-2017-1000117 (Git)
+
+Reported by:
+============
+
+  Jonathan Nieder
+
+  Discovered by Joern Schneeweisz of Recurity Labs.
+
+Patches:
+========
+
+  Patch for Subversion 1.9.6:
+[[[
+Index: subversion/libsvn_ra_svn/client.c
+===================================================================
+--- subversion/libsvn_ra_svn/client.c  (revision 1803926)
++++ subversion/libsvn_ra_svn/client.c  (working copy)
+@@ -46,6 +46,7 @@
+ #include "svn_props.h"
+ #include "svn_mergeinfo.h"
+ #include "svn_version.h"
++#include "svn_ctype.h"
+ 
+ #include "svn_private_config.h"
+ 
+@@ -396,7 +397,7 @@
+        * versions have it too. If the user is using some other ssh
+        * implementation that doesn't accept it, they can override it
+        * in the [tunnels] section of the config. */
+-      val = "$SVN_SSH ssh -q";
++      val = "$SVN_SSH ssh -q --";
+     }
+ 
+   if (!val || !*val)
+@@ -441,7 +442,7 @@
+   for (n = 0; cmd_argv[n] != NULL; n++)
+     argv[n] = cmd_argv[n];
+ 
+-  argv[n++] = svn_path_uri_decode(hostinfo, pool);
++  argv[n++] = hostinfo;
+   argv[n++] = "svnserve";
+   argv[n++] = "-t";
+   argv[n] = NULL;
+@@ -802,7 +803,33 @@
+ }
+ 
+ 
++/* A simple whitelist to ensure the following are valid:
++ *   user@server
++ *   [::1]:22
++ *   server-name
++ *   server_name
++ *   127.0.0.1
++ * with an extra restriction that a leading '-' is invalid.
++ */
++static svn_boolean_t
++is_valid_hostinfo(const char *hostinfo)
++{
++  const char *p = hostinfo;
+ 
++  if (p[0] == '-')
++    return FALSE;
++
++  while (*p)
++    {
++      if (!svn_ctype_isalnum(*p) && !strchr(":.-_[]@", *p))
++        return FALSE;
++
++      ++p;
++    }
++
++  return TRUE;
++}
++
+ static svn_error_t *ra_svn_open(svn_ra_session_t *session,
+                                 const char **corrected_url,
+                                 const char *url,
+@@ -835,8 +862,18 @@
+           || (callbacks->check_tunnel_func && callbacks->open_tunnel_func
+               && !callbacks->check_tunnel_func(callbacks->tunnel_baton,
+                                                tunnel))))
+-    SVN_ERR(find_tunnel_agent(tunnel, uri.hostinfo, &tunnel_argv, config,
+-                              result_pool));
++    {
++      const char *decoded_hostinfo;
++
++      decoded_hostinfo = svn_path_uri_decode(uri.hostinfo, result_pool);
++
++      if (!is_valid_hostinfo(decoded_hostinfo))
++        return svn_error_createf(SVN_ERR_BAD_URL, NULL, _("Invalid host 
'%s'"),
++                                 uri.hostinfo);
++
++      SVN_ERR(find_tunnel_agent(tunnel, decoded_hostinfo, &tunnel_argv,
++                                config, result_pool));
++    }
+   else
+     tunnel_argv = NULL;
+ 
+Index: subversion/libsvn_subr/config_file.c
+===================================================================
+--- subversion/libsvn_subr/config_file.c       (revision 1803926)
++++ subversion/libsvn_subr/config_file.c       (working copy)
+@@ -1248,12 +1248,12 @@
+         "### passed to the tunnel agent as <user>@<hostname>.)  If the"      
NL
+         "### built-in ssh scheme were not predefined, it could be defined"   
NL
+         "### as:"                                                            
NL
+-        "# ssh = $SVN_SSH ssh -q"                                            
NL
++        "# ssh = $SVN_SSH ssh -q --"                                         
NL
+         "### If you wanted to define a new 'rsh' scheme, to be used with"    
NL
+         "### 'svn+rsh:' URLs, you could do so as follows:"                   
NL
+-        "# rsh = rsh"                                                        
NL
++        "# rsh = rsh --"                                                     
NL
+         "### Or, if you wanted to specify a full path and arguments:"        
NL
+-        "# rsh = /path/to/rsh -l myusername"                                 
NL
++        "# rsh = /path/to/rsh -l myusername --"                              
NL
+         "### On Windows, if you are specifying a full path to a command,"    
NL
+         "### use a forward slash (/) or a paired backslash (\\\\) as the"    
NL
+         "### path separator.  A single backslash will be treated as an"      
NL
+]]]
+
+  Patch for Subversion 1.8.18
+[[[
+Index: subversion/libsvn_ra_svn/client.c
+===================================================================
+--- subversion/libsvn_ra_svn/client.c  (revision 1803926)
++++ subversion/libsvn_ra_svn/client.c  (working copy)
+@@ -46,6 +46,7 @@
+ #include "svn_props.h"
+ #include "svn_mergeinfo.h"
+ #include "svn_version.h"
++#include "svn_ctype.h"
+ 
+ #include "svn_private_config.h"
+ 
+@@ -395,7 +396,7 @@
+        * versions have it too. If the user is using some other ssh
+        * implementation that doesn't accept it, they can override it
+        * in the [tunnels] section of the config. */
+-      val = "$SVN_SSH ssh -q";
++      val = "$SVN_SSH ssh -q --";
+     }
+ 
+   if (!val || !*val)
+@@ -435,7 +436,7 @@
+     ;
+   *argv = apr_palloc(pool, (n + 4) * sizeof(char *));
+   memcpy((void *) *argv, cmd_argv, n * sizeof(char *));
+-  (*argv)[n++] = svn_path_uri_decode(hostinfo, pool);
++  (*argv)[n++] = hostinfo;
+   (*argv)[n++] = "svnserve";
+   (*argv)[n++] = "-t";
+   (*argv)[n] = NULL;
+@@ -716,7 +717,33 @@
+ }
+ 
+ 
++/* A simple whitelist to ensure the following are valid:
++ *   user@server
++ *   [::1]:22
++ *   server-name
++ *   server_name
++ *   127.0.0.1
++ * with an extra restriction that a leading '-' is invalid.
++ */
++static svn_boolean_t
++is_valid_hostinfo(const char *hostinfo)
++{
++  const char *p = hostinfo;
+ 
++  if (p[0] == '-')
++    return FALSE;
++
++  while (*p)
++    {
++      if (!svn_ctype_isalnum(*p) && !strchr(":.-_[]@", *p))
++        return FALSE;
++
++      ++p;
++    }
++
++  return TRUE;
++}
++
+ static svn_error_t *ra_svn_open(svn_ra_session_t *session,
+                                 const char **corrected_url,
+                                 const char *url,
+@@ -740,8 +767,17 @@
+   parse_tunnel(url, &tunnel, pool);
+ 
+   if (tunnel)
+-    SVN_ERR(find_tunnel_agent(tunnel, uri.hostinfo, &tunnel_argv, config,
+-                              pool));
++    {
++      const char *decoded_hostinfo;
++
++      decoded_hostinfo = svn_path_uri_decode(uri.hostinfo, pool);
++      if (!is_valid_hostinfo(decoded_hostinfo))
++        return svn_error_createf(SVN_ERR_BAD_URL, NULL, _("Invalid host 
'%s'"),
++                                 uri.hostinfo);
++
++      SVN_ERR(find_tunnel_agent(tunnel, decoded_hostinfo, &tunnel_argv,
++                                config, pool));
++    }
+   else
+     tunnel_argv = NULL;
+ 
+Index: subversion/libsvn_subr/config_file.c
+===================================================================
+--- subversion/libsvn_subr/config_file.c       (revision 1803926)
++++ subversion/libsvn_subr/config_file.c       (working copy)
+@@ -1134,12 +1134,12 @@
+         "### passed to the tunnel agent as <user>@<hostname>.)  If the"      
NL
+         "### built-in ssh scheme were not predefined, it could be defined"   
NL
+         "### as:"                                                            
NL
+-        "# ssh = $SVN_SSH ssh -q"                                            
NL
++        "# ssh = $SVN_SSH ssh -q --"                                         
NL
+         "### If you wanted to define a new 'rsh' scheme, to be used with"    
NL
+         "### 'svn+rsh:' URLs, you could do so as follows:"                   
NL
+-        "# rsh = rsh"                                                        
NL
++        "# rsh = rsh --"                                                     
NL
+         "### Or, if you wanted to specify a full path and arguments:"        
NL
+-        "# rsh = /path/to/rsh -l myusername"                                 
NL
++        "# rsh = /path/to/rsh -l myusername --"                              
NL
+         "### On Windows, if you are specifying a full path to a command,"    
NL
+         "### use a forward slash (/) or a paired backslash (\\\\) as the"    
NL
+         "### path separator.  A single backslash will be treated as an"      
NL
+]]]

Added: subversion/site/publish/security/CVE-2017-9800-advisory.txt.asc
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/security/CVE-2017-9800-advisory.txt.asc?rev=1804690&view=auto
==============================================================================
--- subversion/site/publish/security/CVE-2017-9800-advisory.txt.asc (added)
+++ subversion/site/publish/security/CVE-2017-9800-advisory.txt.asc Thu Aug 10 
18:04:00 2017
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIrBAABCAAdFiEEbrYLY3zlrL8kSaLa2yfpl0Ka8gwFAlmLcx0ACgkQ2yfpl0Ka
+8gy+lA+6A5G8S1NPrlWhu6Y3DpKimx7Wk7gF9XvRRJLqNTFP9ZqN+3M9ucRYWQK1
+6y0xscHKtdSiTiqEDzvNKAAkcHm+ZemU0YDt7OyR2SYORgJfUlmWPaM7G26eTWj/
+3pX02JubRK+ggY9p302/QvKJnWvssdg4r4VQGIpSYwmM59glBrHVgbrcNtpggc4V
+4irxuTmmidjFLSHdggJHYWPIoYlp3glYOAddDyRCIDtb7yigf1p/rNHFD8IGw9lH
+CiN+gcgl+wDSxgQWKKJTjQwnocGl2EmpSqu3Gxz3R+STWiCeaVwyAUGS7z/26CKP
+8gE+ZW51nQx9tDvfQaKMOz1/Zm+EJ0FFJH0ZRKCD+FHpszR6Po+qMSZM/TMaOmc2
+/ugoDf1sGp/tvVHx2lwwlfwKsWDW21lCUDegB8nFcVB9PTPnZ4VlOBP91pggKop3
+k5epgWqf2+mVv9cW8T5HSwqvh0J1hzOfa5d2Ez6UGbtg3oJi0pBrPLbZEXgYgEdM
+wPQ0QrjPmIxV1OxuJjJ2ZR3ot/Vxbh40dD1toVLUIek4BKZXj4d99h7C68x82EwD
+CdhYQ6eJl4IfQHc7U+r/nIvga9Mu9X9LFdL2Cx4WBS/iKBDhYPtbqhtEww8ibFir
+Ox0RrSIK0cYlbq07f3whmuQ55O2eYUGhZh+oKtoT
+=GRyz
+-----END PGP SIGNATURE-----

Modified: subversion/site/publish/security/index.html
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/security/index.html?rev=1804690&r1=1804689&r2=1804690&view=diff
==============================================================================
--- subversion/site/publish/security/index.html (original)
+++ subversion/site/publish/security/index.html Thu Aug 10 18:04:00 2017
@@ -274,6 +274,15 @@ clients using http(s)://</td>
 <td>1.1.0-1.8.17 and 1.9.0-1.9.5</td>
 <td>Apache Subversion is unable to store SHA1 collisions.</td>
 </tr>
+
+<tr>
+<td><a href="CVE-2017-9800-advisory.txt">CVE-2017-9800-advisory.txt</a>
+[<a href="CVE-2017-9800-advisory.txt.asc">PGP</a>]</td>
+<td>1.0.0-1.8.18 and 1.9.0-1.9.6 and 1.10.0-alpha1-1.10.0-alpha3</td>
+<td>Arbitrary code execution on clients through malicious svn+ssh URLs in
+  svn:externals and svn:sync-from-url</td>
+</tr>
+
 </tbody>
 </table>
 

Modified: subversion/site/publish/site-nav.html
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/site-nav.html?rev=1804690&r1=1804689&r2=1804690&view=diff
==============================================================================
--- subversion/site/publish/site-nav.html (original)
+++ subversion/site/publish/site-nav.html Thu Aug 10 18:04:00 2017
@@ -14,7 +14,7 @@
   </li>
   <li>Getting Subversion
     <ul>
-      <li><a href="/download.cgi">Source Download</a></li>
+      <li><a href="/download.cgi?update=201708081800">Source Download</a></li>
       <li><a href="/packages.html">Binary Packages</a></li>
       <li><a href="/docs/release-notes/">Release Notes</a></li>
     </ul>


Reply via email to