FEDORA-2015-11795 created by jorton 4 years ago for Fedora 21
stable

This update includes the latest stable release of Apache Subversion, version 1.8.13.

Three security vulnerabilities are fixed in this update:

In addition, the following changes are included in the Subversion 1.8.13 update:

Client-side bugfixes: ra_serf: prevent abort of commits that have already succeeded ra_serf: support case-insensitivity in HTTP headers better error message if an external is shadowed ra_svn: fix reporting of directory read errors fix a redirect handling bug in 'svn log' over HTTP properly copy tree conflict information fix 'svn patch' output for reordered hunks http://subversion.tigris.org/issues/show_bug.cgi?id=4533 svnrdump load: don't load wrong props with no-deltas dump http://subversion.tigris.org/issues/show_bug.cgi?id=4551 fix working copy corruption with relative file external http://subversion.tigris.org/issues/show_bug.cgi?id=4411 don't crash if config file is unreadable svn resolve: don't ask a question with only one answer fix assertion failure in svn move working copy performance improvements handle existing working copies which become externals fix recording of WC meta-data for foreign repos copies fix calculating repository path of replaced directories fix calculating repository path after commit of switched nodes svnrdump: don't provide HEAD+1 as base revision for deletes don't leave conflict markers on files that are moved avoid unnecessary subtree mergeinfo recording * fix diff of a locally copied directory with props

Server-side bugfixes: fsfs: fix a problem verifying pre-1.4 repos used with 1.8 svnadmin freeze: fix memory allocation error svnadmin load: tolerate invalid mergeinfo at r0 svnadmin load: strip references to r1 from mergeinfo http://subversion.tigris.org/issues/show_bug.cgi?id=4538 svnsync: strip any r0 references from mergeinfo http://subversion.tigris.org/issues/show_bug.cgi?id=4476 fsfs: reduce memory consumption when operating on dag nodes reject invalid get-location-segments requests in mod_dav_svn and svnserve mod_dav_svn: reject invalid txnprop change requests

Client-side and server-side bugfixes: fix undefined behaviour in string buffer routines fix consistency issues with APR r/w locks on Windows fix occasional SEGV if threads load DSOs in parallel properly duplicate svn error objects * fix use-after-free in config parser

How to install

sudo dnf upgrade --advisory=FEDORA-2015-11795

This update has been submitted for testing by jorton.

4 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/106679/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/106679/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/106718/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/106718/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

4 years ago
User Icon hreindl commented & provided feedback 4 years ago
karma

works for me

This update is currently being pushed to the Fedora 21 testing updates repository.

4 years ago

This update has been pushed to testing

4 years ago
User Icon filiperosset commented & provided feedback 4 years ago
karma

no regressions noted

User Icon fcon commented & provided feedback 4 years ago
karma

no issues

This update has reached the stable karma threshold and will be pushed to the stable updates repository

4 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/all/builds/28/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

4 years ago

This update is currently being pushed to the Fedora 21 stable updates repository.

4 years ago

This update has been pushed to stable

4 years ago

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago
modified
4 years ago
BZ#1183873 subversion must depend on systemd or systemd-units
0
0
BZ#1205134 CVE-2015-0202 subversion: (mod_dav_svn) remote denial of service with certain REPORT requests
0
0
BZ#1205138 CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers
0
0
BZ#1205140 CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions
0
0
BZ#1207723 CVE-2015-0202 subversion: (mod_dav_svn) remote denial of service with certain REPORT requests [fedora-all]
0
0
BZ#1207724 CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers [fedora-all]
0
0
BZ#1207725 CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions [fedora-all]
0
0

Automated Test Results