On Wed, Jan 5, 2011 at 10:09 AM, Josh Bressers <bress...@redhat.com> wrote: > > OK, let's split the CVE id then. > > So for > A, "* prevent crash in mod_dav_svn when using SVNParentPath (r1033166)" > Upstream changeset: > http://svn.apache.org/viewvc?view=revision&revision=1033166 > > Let's use CVE-2010-4539. > > For > B, * fix server-side memory leaks triggered by 'blame -g' (r1032808) > References: > http://svn.haxx.se/dev/archive-2010-11/0102.shtml > Upstream changeset: > http://svn.apache.org/viewvc?view=revision&revision=1032808 > > Let's use CVE-2010-4644.
Sounds great. Should the Subversion project plan to write and publish advisories for these CVEs, or has the requester already done so? -Hyrum
