LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2010-16115 (subversion)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 12 Update: subversion-1.6.13-1.fc12.1 


Date:
    	      Thu, 28 Oct 2010 05:50:49 +0000


Message-ID:
    	      <20101028055049.C572C1110A3@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16115
2010-10-11 18:56:56
--------------------------------------------------------------------------------

Name        : subversion
Product     : Fedora 12
Version     : 1.6.13
Release     : 1.fc12.1
URL         : http://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

--------------------------------------------------------------------------------
Update Information:

This update includes the latest stable release of Subversion, version 1.6.13.

Subversion servers up to 1.6.12 (inclusive) making use of the
"SVNPathAuthz short_circuit" mod_dav_svn configuration setting have
a bug which may allow users to write and/or read portions of the
repository to which they are not intended to have access.  This issue is fixed in this update.

See http://subversion.apache.org/security/CVE-2010-3315-advis... for further details

A number of bug fixes are also included:

* don't drop properties during foreign-repo merges
* improve auto-props failure error message
* improve error message for 403 status with ra_neon
* don't allow 'merge --reintegrate' for 2-url merges
* improve handling of missing fsfs.conf during hotcopy
* escape unsafe characters in a URL during export
* don't leak stale locks in FSFS
* better detect broken working copies during update over ra_neon
* fsfs: make rev files read-only
* properly canonicalize a URL
* fix wc corruption with 'commit --depth=empty'
* permissions fixes when doing reintegrate merges
* fix mergeinfo miscalculation during 2-url merges
* fix error transmission problems in svnserve
* fixed: record-only merges create self-referential mergeinfo
* make 'svnmucc propset' handle existing and non-existing URLs
* add new 'propsetf' subcommand to svnmucc
* emit a warning about copied dirs during ci with limited depth

--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct  5 2010 Joe Orton <jorton@redhat.com> - 1.6.13-1
- update to 1.6.13
- add svnserve init script
- split out -libs subpackage
- restore PIE support
- fix comments in subversion.conf (#551484)
* Sat Apr 17 2010 Joe Orton <jorton@redhat.com> - 1.6.11-1
- update to 1.6.11
* Sat Feb 13 2010 Joe Orton <jorton@redhat.com> - 1.6.9-2
- fix detection of libkdecore
* Mon Feb  8 2010 Joe Orton <jorton@redhat.com> - 1.6.9-1
- update to 1.6.9 (#561810)
- fix comments in subversion.conf (#551484)
- update to psvn.el r40299
* Mon Jan 25 2010 Ville Skyttä <ville.skytta@iki.fi> - 1.6.6-5
- Include svn2cl and its man page only in the -svn2cl subpackage (#558598).
- Do not include bash completion in docs, it's installed.
* Mon Dec  7 2009 Stepan Kasal <skasal@redhat.com> - 1.6.6-4
- rebuild against perl 5.10.1
* Thu Nov 26 2009 Joe Orton <jorton@redhat.com> - 1.6.6-3
- rebuild for new db4
- trim libsvn_* from dependency_libs in *.la
* Wed Nov 25 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> 1.6.6-2
- rebuild for Qt 4.6.0 RC1 in F13 (was built against Beta 1 with unstable ABI)
* Sun Nov  8 2009 Joe Orton <jorton@redhat.com> - 1.6.6-1
- update to 1.6.6
* Mon Nov  2 2009 Ville Skyttä <ville.skytta@iki.fi> - 1.6.5-3
- Apply svn2cl upstream patch to fix newline issues with libxml2 2.7.4+,
  see http://bugs.debian.org/546990 for details.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #640317 - CVE-2010-3315 Subversion: Access restriction bypass by checkout of the root
of the repository
        https://bugzilla.redhat.com/show_bug.cgi?id=640317
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds