Patch |
r26047 |
r26047 | kfogel | 2007-08-11 20:26:00 -0500 (Sat, 11 Aug 2007) CVE-2007-3846: Check that client dir separator is not in a path component. See http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3846. * subversion/libsvn_wc/update_editor.c (check_path_under_root): New helper function. (delete_entry, add_or_open_file, open_directory, add_directory): Call above, to prevent paths above cwd from being affected. Patch by: Nils Durner <ndurner{_AT_}googlemail.com> kfogel