Bug#419348: subversion: rare data loss / repository corruption bug
Peter Samuelson
peter at p12n.org
Sun Apr 15 06:49:39 UTC 2007
Package: subversion
Version: 1.0.0-1
Severity: grave
Justification: remote DoS (data corruption)
A race condition was recently discovered in subversion whereby two
commits overlapping in time could interact very badly, in certain
circumstances. You can not only lose the effect of one of the commits,
but with the BDB backend, you can possibly corrupt the whole repository
in a fairly spectacular way. (It _does_ require commit access to a
repository.) For details, see the upstream report at
http://subversion.tigris.org/issues/show_bug.cgi?id=2751.
This affects all releases at least as far back as 1.0.0, and will be
fixed upstream in 1.4.4. Upstream has produced patches (including a
regression test) for all release branches. As soon as I find the time
to build and test on sarge and etch, I intend to upload fixed packages
to sid, p-u and oldstable-p-u.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-subversion-maintainers/attachments/20070415/e7bc95c6/attachment.pgp
More information about the pkg-subversion-maintainers
mailing list