FEDORA-2019-1f81367ac3 created by jorton a year ago for Fedora 28
stable

This update includes the latest stable release of Apache Subversion, version 1.11.1. This update fixes a security issue in mod_dav_svn, CVE-2018-11803:

Malicious SVN clients can trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request.

See https://subversion.apache.org/security/CVE-2018-11803-advisory.txt for more information.

User-visible changes:

Minor new features and improvements:

  • Conflict resolver support for added vs unversioned file
  • Conflict resolver support for unversioned directories
  • Improve help for 'svn add' and the '-N' option
  • Improve display of Mac OS name in 'svn --version --verbose'

Client-side bugfixes:

  • Fix: repos-to-WC copy with --parents doesn't create dirs (issue 4768)
  • Fix: foreign repo copy with peg/operative revisions (issue 4785)
  • Fix: foreign repo copy of file adding mergeinfo (issue 4792)
  • Fix: assertion failure using -rPREV on a working copy at r0 (issue 4532)
  • Fix: tree conflict message ends a sentence with a colon (issue 4717)

Server-side bugfixes:

  • Fix: unexpected SVN_ERR_FS_NOT_DIRECTORY errors (issue 4791)
  • Fix: mod_dav_svn's SVNUseUTF8 had no effect in some setups
  • Fix crash in mod_http2 (issue 4782)

Other tool improvements and bugfixes:

  • svndumpfilter: Clarify error messages by including node path

Bindings bugfixes:

  • JavaHL: Fix crash in client code when using external diff

Developer-visible changes:

General:

  • Fix build on systems without python in $PATH
  • Fix compiler warnings about indentation

How to install

sudo dnf upgrade --advisory=FEDORA-2019-1f81367ac3

This update has been submitted for testing by jorton.

a year ago

This update has been pushed to testing.

a year ago
User Icon hreindl commented & provided feedback a year ago
karma

works for me

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

a year ago
User Icon filiperosset commented & provided feedback a year ago
karma

no regressions noted

jorton edited this update.

a year ago

jorton edited this update.

a year ago

This update has been submitted for batched by jorton.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
modified
a year ago
BZ#1668807 CVE-2018-11803 subversion: malicious SVN clients can crash mod_dav_svn
0
0
BZ#1671271 CVE-2018-11803 subversion: malicious SVN clients can crash mod_dav_svn [fedora-all]
0
0

Automated Test Results