FEDORA-2015-be2c11d456 — security update for subversion — Fedora Updates System

obsolete

subversion-1.8.14-1.fc22

FEDORA-2015-be2c11d456 created by jorton 9 years ago for Fedora 22

This update includes the latest stable release of Apache Subversion, version 1.8.14. This update fixes two security issues:

CVE-2015-3184: Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
CVE-2015-3187: Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. http://subversion.apache.org/security/CVE-2015-3187-advisory.txt

User-visible changes:

Client-side bugfixes:

document svn:autoprops
cp: fix 'svn cp ^/A/D/H@1 ^/A' to properly create A
resolve: improve conflict prompts for binary files
ls: improve performance of '-v' on tag directories
improved Sqlite 3.8.9 query performance regression on externals
fixed issue 4580: 'svn -v st' on file externals reports "?" instead of user and revision after 'svn up'

Server-side bugfixes:

mod_dav_svn: do not ignore skel parsing errors
detect invalid svndiff data earlier
prevent possible repository corruption on power/disk failures
fixed issue 4577: Read error with nodes whose DELTA chain starts with a PLAIN rep
fixed issue 4531: server-side copy (over dav) is slow and uses too much memory

Developer-visible changes:

General:

avoid failing some tests on versions of Python with a very old sqlite
fix Ruby tests so they don't use the users real configuration

Bindings:

swig-pl: fix some stack memory problems

This update has been submitted for testing by jorton.

jorton edited this update.

jorton edited this update.

This update has been pushed to testing.

jorton edited this update.

hreindl commented & provided feedback 9 years ago

karma

completly broken - see https://bugzilla.redhat.com/show_bug.cgi?id=1267614

mhayden commented & provided feedback 9 years ago

karma

Works for me.

jorton edited this update.

filiperosset commented & provided feedback 9 years ago

karma

no regressions noted, svn checkout working fine

This update has reached 11 days in testing and can be pushed to stable now if the maintainer wishes

This update has been obsoleted by subversion-1.8.15-1.fc22.

Please login to add feedback.

Metadata

Type

security

Karma

1

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

3

Stable by Time

disabled

Thresholds

Minimum Karma

+1

Minimum Testing

7 days

Dates

submitted

9 years ago

in testing

9 years ago

modified

9 years ago

Builds

1

subversion-1.8.14-1.fc22

BZ#1247249 CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4

0

0

BZ#1247525 rhnservergroup table thrown error when run insert/update sql.

0

0

BZ#1250879 CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4 [fedora-all]

0

0

BZ#1250880 CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz [fedora-all]

0

0

subversion-1.8.14-1.fc22

Automated Test Results

None

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 8.3.0 on bodhi-web-177-ngwjn.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

• Composes • Legal • Privacy policy •