Daniel Shahaf wrote on Thu, 10 Aug 2017 18:04 +0000:
> I'm happy to announce the release of Apache Subversion 1.9.7.
> Please choose the mirror closest to you by visiting:
> http://subversion.apache.org/download.cgi?update=201708081800#recommended-release
> This is a stable security release of the Apache Subversion open source
> version control system.  It fixes one security issue:
>     CVE-2017-9800:
>     Arbitrary code execution on clients through malicious svn+ssh URLs in
>     svn:externals and svn:sync-from-url
>     http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

This was a coordinated release, here are the other coordinated announcements:

  CVE-2017-12426 (GitLab)

  CVE-2017-1000116 (Mercurial (hg))

  CVE-2017-1000117 (Git)

Reply via email to