FEDORA-2015-11795

security update in Fedora 21 for subversion

Status: stable 4 years ago

This update includes the latest stable release of Apache Subversion, version 1.8.13.

Three security vulnerabilities are fixed in this update:

In addition, the following changes are included in the Subversion 1.8.13 update:

Client-side bugfixes:

* ra_serf: prevent abort of commits that have already succeeded
* ra_serf: support case-insensitivity in HTTP headers
* better error message if an external is shadowed
* ra_svn: fix reporting of directory read errors
* fix a redirect handling bug in 'svn log' over HTTP
* properly copy tree conflict information
* fix 'svn patch' output for reordered hunks http://subversion.tigris.org/issues/show_bug.cgi?id=4533
* svnrdump load: don't load wrong props with no-deltas dump http://subversion.tigris.org/issues/show_bug.cgi?id=4551
* fix working copy corruption with relative file external http://subversion.tigris.org/issues/show_bug.cgi?id=4411
* don't crash if config file is unreadable
* svn resolve: don't ask a question with only one answer
* fix assertion failure in svn move
* working copy performance improvements
* handle existing working copies which become externals
* fix recording of WC meta-data for foreign repos copies
* fix calculating repository path of replaced directories
* fix calculating repository path after commit of switched nodes
* svnrdump: don't provide HEAD+1 as base revision for deletes
* don't leave conflict markers on files that are moved
* avoid unnecessary subtree mergeinfo recording
* fix diff of a locally copied directory with props

Server-side bugfixes:

* fsfs: fix a problem verifying pre-1.4 repos used with 1.8
* svnadmin freeze: fix memory allocation error
* svnadmin load: tolerate invalid mergeinfo at r0
* svnadmin load: strip references to r1 from mergeinfo http://subversion.tigris.org/issues/show_bug.cgi?id=4538
* svnsync: strip any r0 references from mergeinfo http://subversion.tigris.org/issues/show_bug.cgi?id=4476
* fsfs: reduce memory consumption when operating on dag nodes
* reject invalid get-location-segments requests in mod_dav_svn and svnserve
* mod_dav_svn: reject invalid txnprop change requests

Client-side and server-side bugfixes:

* fix undefined behaviour in string buffer routines
* fix consistency issues with APR r/w locks on Windows
* fix occasional SEGV if threads load DSOs in parallel
* properly duplicate svn error objects
* fix use-after-free in config parser

Comments 16

This update has been submitted for testing by jorton.

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/106679/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/106679/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/106718/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/106718/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

works for me

karma: +1

This update is currently being pushed to the Fedora 21 testing updates repository.

This update has been pushed to testing

no regressions noted

karma: +1

no issues

karma: +1

This update has reached the stable karma threshold and will be pushed to the stable updates repository

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/all/builds/28/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

This update is currently being pushed to the Fedora 21 stable updates repository.

This update has been pushed to stable


Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: unspecified
Karma: +3 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Disabled
Autopush (time): Disabled
Dates: submitted 4 years ago, in testing 4 years ago, in stable 4 years ago, modified 4 years ago

Related Bugs 7

#1183873 subversion must depend on systemd or systemd-units
#1205134 CVE-2015-0202 subversion: (mod_dav_svn) remote denial of service with certain REPORT requests
#1205138 CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers
#1205140 CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions
#1207723 CVE-2015-0202 subversion: (mod_dav_svn) remote denial of service with certain REPORT requests [fedora-all]
#1207724 CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers [fedora-all]
#1207725 CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions [fedora-all]
