Re: TortoiseSVN bundles vulnerable copy of Expat - please update to 2.2.3

Author: steveking
Full name: Stefan Küng
Date: 2017-08-04 23:20:09 PDT
Message:

On 05.08.2017 00:04, Sebastian Pipping wrote:
> Hi!
>
>
> Just a quick note that Expat 2.2.3 has been released, including a fix to
> DLL hijacking (CVE-2017-11742 [1]). For more details, please check the
> change log [2].

That problem doesn't apply here:
* we link expat not as a DLL but link statically
* TSVN changes the DLL search path at start so these kinds of hijackings
can't work

But thanks for the info.

Stefan

--
        ___
   oo // \\ "De Chelonian Mobile"
  (_,\/ \_/ \ TortoiseSVN
    \ \_/_\_/> The coolest interface to (Sub)version control
    /_/ \_\ http://tortoisesvn.net

Messages

TortoiseSVN bundles vulnerable copy of Expat - please update to 2.2.3 hartwork Sebastian Pipping 2017-08-04 15:05:53 PDT
     Re: TortoiseSVN bundles vulnerable copy of Expat - please update to 2.2.3 steveking Stefan Küng 2017-08-04 23:20:09 PDT