For our campus users of Subversion and TortoiseSVN version control systems it is time to update. Versions prior to the recently released 1.4.5 version have a bug that allows a directory-traversal attack on a windows system using the "..\" syntax. This would allow a client user with write access to overwrite arbitrary system files for which he has write access privileges.
For more information see:
For the newest versions of Subversion:
Posted by Douglas Couch on August 30, 2007, in Handlers Log.