Daniel Shahaf wrote on Thu, 10 Aug 2017 18:04 +0000: > I'm happy to announce the release of Apache Subversion 1.9.7. > Please choose the mirror closest to you by visiting: > > > http://subversion.apache.org/download.cgi?update=201708081800#recommended-release > > This is a stable security release of the Apache Subversion open source > version control system. It fixes one security issue: > > CVE-2017-9800: > Arbitrary code execution on clients through malicious svn+ssh URLs in > svn:externals and svn:sync-from-url > http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
This was a coordinated release, here are the other coordinated announcements: CVE-2017-12426 (GitLab) https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/ CVE-2017-1000116 (Mercurial (hg)) https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-August/102699.html CVE-2017-1000117 (Git) https://public-inbox.org/git/xmqqh8xf482j....@gitster.mtv.corp.google.com/T/#u
