Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 18 Jan 2009 22:00:03 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: CVE request: WebSVN

WebSVN 2.0 does not properly implement access control checks, allowing
authenticated users to access files with known paths.

(This is fixed in version 2.1.  I think this feature was only included
in the 1.7 betas, and no released 1.x version before that.  Relevant
fixes are probably in r635, r636, r649.)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ