CVE-2017-9800 (was: svn commit: r1804692 - /subversion/trunk/notes/ssh-tricks)
C. Michael Pilato
cmpilato at red-bean.com
Fri Aug 11 15:07:59 CDT 2017
Done in r5391 (trunk), r5392 (1.7), and r5395 (1.6). Thanks for the
reminder, Daniel!
On Thu, Aug 10, 2017 at 2:29 PM, Daniel Shahaf <d.s at daniel.shahaf.name>
wrote:
> Hi, please check the book's recommendations regarding $SVN_SSH and
> tunnels and ensure it adds '--' there so readers on pre-1.9.7 versions
> aren't given advice that's vulnerable to CVE-2017-9800.
>
> Daniel
>
> danielsh at apache.org wrote on Thu, 10 Aug 2017 18:15 +0000:
> > Author: danielsh
> > Date: Thu Aug 10 18:15:12 2017
> > New Revision: 1804692
> >
> > URL: http://svn.apache.org/viewvc?rev=1804692&view=rev
> > Log:
> > Follow-up to r1804691:
> >
> > * notes/ssh-tricks: Update this documentation, too.
> >
> > This patch is separate because notes/ is not in tarballs.
> >
> > Modified:
> > subversion/trunk/notes/ssh-tricks
> >
> > Modified: subversion/trunk/notes/ssh-tricks
> > URL: http://svn.apache.org/viewvc/subversion/trunk/notes/ssh-
> tricks?rev=1804692&r1=1804691&r2=1804692&view=diff
> > ============================================================
> ==================
> > --- subversion/trunk/notes/ssh-tricks (original)
> > +++ subversion/trunk/notes/ssh-tricks Thu Aug 10 18:15:12 2017
> > @@ -15,7 +15,7 @@ not work with password authentication.
> > the client's key-pair is used only for access to svnserve; if you want
> > to retain general shell access to the host, create a second, dedicated
> > key-pair for Subversion access and (assuming a Unix client) set the
> > -environment variable SVN_SSH to "ssh -i /path/to/private/key/file".
> > +environment variable SVN_SSH to "ssh -i /path/to/private/key/file --".
> >
> > The basic idea
> > --------------
> >
> >
>
> _______________________________________________
> svnbook-dev mailing list
> svnbook-dev at red-bean.com
> http://www.red-bean.com/mailman/listinfo/svnbook-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.red-bean.com/pipermail/svnbook-dev/attachments/20170811/12ebddbf/attachment.html>
More information about the svnbook-dev
mailing list