subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Reser <>
Subject ssh vulnerability that has potential impacts to Subversion users
Date Fri, 08 Nov 2013 22:29:20 GMT
OpenSSH released a fix for a memory corruption with AES-GCM ciphers in OpenSSH
6.2 and 6.3.

Their advisory is here:

If you're using Subversion in a svn+ssh:// configuration that restrictions on
the command being run using the command field in the authorized_keys file it
may be possible to bypass this restriction.

This Subversion configuration is described in the SVN Book here:

View raw message