FEDORA-2019-1f81367ac3 created by jorton a year ago for Fedora 28
stable

This update includes the latest stable release of Apache Subversion, version 1.11.1. This update fixes a security issue in mod_dav_svn, CVE-2018-11803:

Malicious SVN clients can trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request.

See https://subversion.apache.org/security/CVE-2018-11803-advisory.txt for more information.

User-visible changes:

Minor new features and improvements:

  • Conflict resolver support for added vs unversioned file
  • Conflict resolver support for unversioned directories
  • Improve help for 'svn add' and the '-N' option
  • Improve display of Mac OS name in 'svn --version --verbose'

Client-side bugfixes:

  • Fix: repos-to-WC copy with --parents doesn't create dirs (issue 4768)
  • Fix: foreign repo copy with peg/operative revisions (issue 4785)
  • Fix: foreign repo copy of file adding mergeinfo (issue 4792)
  • Fix: assertion failure using -rPREV on a working copy at r0 (issue 4532)
  • Fix: tree conflict message ends a sentence with a colon (issue 4717)

Server-side bugfixes:

  • Fix: unexpected SVN_ERR_FS_NOT_DIRECTORY errors (issue 4791)
  • Fix: mod_dav_svn's SVNUseUTF8 had no effect in some setups
  • Fix crash in mod_http2 (issue 4782)

Other tool improvements and bugfixes:

  • svndumpfilter: Clarify error messages by including node path

Bindings bugfixes:

  • JavaHL: Fix crash in client code when using external diff

Developer-visible changes:

General:

  • Fix build on systems without python in $PATH
  • Fix compiler warnings about indentation

How to install

sudo dnf upgrade --advisory=FEDORA-2019-1f81367ac3

This update has been submitted for testing by jorton.

a year ago

This update has been pushed to testing.

a year ago
User Icon hreindl commented & provided feedback a year ago
karma

works for me

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

a year ago
User Icon filiperosset commented & provided feedback 11 months ago
karma

no regressions noted

jorton edited this update.

11 months ago

jorton edited this update.

11 months ago

This update has been submitted for batched by jorton.

11 months ago

This update has been submitted for stable by bodhi.

11 months ago

This update has been pushed to stable.

11 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
a year ago
in testing
a year ago
in stable
11 months ago
modified
11 months ago
BZ#1668807 CVE-2018-11803 subversion: malicious SVN clients can crash mod_dav_svn
0
0
BZ#1671271 CVE-2018-11803 subversion: malicious SVN clients can crash mod_dav_svn [fedora-all]
0
0

Automated Test Results