Thanks, I'll pass it along. It mentions that commit access is required to exploit this though, so I think IT will probably ignore this if they haven't already patched it.
...Stu On Mon, Dec 16, 2013 at 2:20 PM, Ben Reser <b...@reser.org> wrote: > On 12/16/13 11:08 AM, Stuart MacDonald wrote: > > svn is 1.7.7 (we are not planning to upgrade for some time) > > This doesn't help with your issue but if you need ammo to convince IT to > upgrade: > https://subversion.apache.org/security/CVE-2013-4131-advisory.txt > > If it's a distribution package it might have been patched without changing > the > version number. >