Soon after this, the version control system used by the WebKit browser engine became corrupted after these two proof-of-concept PDF files were uploaded to its repository.
WebKit uses the Apache SVN to keep track of code submissions and uses SHA-1 to track files and avoid duplication, as do many other projects.
The security researcher, who said he took apart the two PDFs to understand the means of attack better, did so because he found that the explanation offered by the Dutch team and Google was "not very helpful in understanding how they produced the PDFs".
He managed to recreate the attack in practice and wrote the Python script which could be used to create two files that could be used in an attack.
Meanwhile, Subversion developers have now released a script using which sysadmins can prevent this glitch; it will reject both the proof-of-concept PDFs and any others that attempt the same hack.
When the question of whether the distributed version control system git, created by Linux creator Linus Torvalds, was susceptible to an attack similar to that on Apache SVN, he said he had released two patches to mitigate against any likely attacks.
He also said that git was more secure against such attacks even in its unpatched state.