Subversion 1.6.4 has been released to fix a vulnerability.
(06 Aug 2009, from /branches/1.6.x)
* fixed: heap overflow vulnerability on server and client
See CVE-2009-2411, and descriptive advisory at
More details below.
Subversion 1.6.4 has been released, available from:
THIS IS A SECURITY RELEASE, addressing the issue
The CVE page may not be public yet when you read this,
but will be soon.
The full text of the advisory is available at:
This security issue affects both clients and servers.
Clients with commit access to a vulnerable server can cause
a remote heap overflow. Servers can cause a heap overflow on
vulnerable clients that try to do a checkout or update.
Subversion 1.6.4 differs from 1.6.4 only in the fix for this issue. Upgrading to Subversion 1.6.4 (or Subversion
simultaneously) is therefore strongly recommended for
Subversion client and server installations on all platforms.
Release notes for the 1.6.x release series may be found
You can find the list of changes between 1.6.4 and
earlier versions at: