Fedora alert FEDORA-2014-17118 (subversion)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 21 Update: subversion-1.8.11-1.fc21 | |
| Date: | Mon, 05 Jan 2015 07:39:50 +0000 | |
| Message-ID: | <20150105074011.209196090BD2@bastion01.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-17118 2014-12-18 04:54:50 -------------------------------------------------------------------------------- Name : subversion Product : Fedora 21 Version : 1.8.11 Release : 1.fc21 URL : http://subversion.apache.org/ Summary : A Modern Concurrent Version Control System Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. -------------------------------------------------------------------------------- Update Information: This update includes the latest stable release of **Apache Subversion**, version **1.8.11**. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see: http://subversion.apache.org/security/CVE-2014-8108-advis... http://subversion.apache.org/security/CVE-2014-3580-advis... **Client-side bugfixes:** * checkout/update: fix file externals failing to follow history and subsequently silently failing http://subversion.tigris.org/issues/show_bug.cgi?id=4185 * patch: don't skip targets in valid --git difs * diff: make property output in diffs stable * diff: fix diff of local copied directory with props * diff: fix changelist filter for repos-WC and WC-WC * remove broken conflict resolver menu options that always error out * improve gpg-agent support * fix crash in eclipse IDE with GNOME Keyring http://subversion.tigris.org/issues/show_bug.cgi?id=3498 * fix externals shadowing a versioned directory http://subversion.tigris.org/issues/show_bug.cgi?id=4085 * fix problems working on unix file systems that don't support permissions * upgrade: keep external registrations http://subversion.tigris.org/issues/show_bug.cgi?id=4519 * cleanup: iprove performance of recorded timestamp fixups * translation updates for German **Server-side bugfixes:** * disable revprop caching feature due to cache invalidation problems * skip generating uniquifiers if rep-sharing is not supported * mod_dav_svn: reject requests with missing repository paths * mod_dav_svn: reject requests with invalid virtual transaction names * mod_dav_svn: avoid unneeded memory growth in resource walking http://subversion.tigris.org/issues/show_bug.cgi?id=4531 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 16 2014 Joe Orton <jorton@redhat.com> - 1.8.11-1 - update to 1.8.11 (#1174521) - require newer libserf (#1155670) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests https://bugzilla.redhat.com/show_bug.cgi?id=1174054 [ 2 ] Bug #1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names https://bugzilla.redhat.com/show_bug.cgi?id=1174057 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update subversion' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...