Security: Execution of arbitrary commands in Subversion
Name: Execution of arbitrary commands in Subversion
ID: FEDORA-2017-c629f16f6c
Distribution: Fedora
Platforms: Fedora 25
Date: Fri, 6 January 2017, 09:14
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8734


Name : subversion
Product : Fedora 25
Version : 1.9.5
Release : 1.fc25
URL : http://subversion.apache.org/
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.

Update Information:

This update includes the latest stable release of _Apache Subversion_, version
**1.9.5**.

#### Client-side bugfixes:

* fix accessing non-existent paths during reintegrate merge
* fix handling of newly secured subdirectories in working copy
* info: remove trailing whitespace in --show-item=revision ([issue 4660]show_bug.cgi?id=4660)
* fix recording wrong revisions for tree conflicts
* gpg-agent: improve discovery of gpg-agent sockets
* gpg-agent: fix file descriptor leak
* resolve: fix --accept=mine-full for binary files ([issue 4647](http://subversion.tigris.org/issues/show_bug.cgi?id=4647))
* merge: fix possible crash ([issue 4652](http://subversion.tigris.org/issues/show_bug.cgi?id=4652))
* resolve: fix possible crash
* fix potential crash in Win32 crash reporter

#### Server-side bugfixes:

* fsfs: fix "offset too large" error during pack ([issue 4657](http://subversion.tigris.org/issues/show_bug.cgi?id=4657))
* svnserve: enable hook script environments
* fsfs: fix possible data reconstruction error ([issue 4658](http://subversion.tigris.org/issues/show_bug.cgi?id=4658))
* fix source of spurious 'incoming edit' tree conflicts
* fsfs: improve caching for large directories
* fsfs: fix crash when encountering all-zero checksums
* fsfs: fix potential source of repository corruptions
* mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate ([issue 3084](http://subversion.tigris.org/issues/show_bug.cgi?id=3084))
* mod_dav_svn: reduce memory usage during GET requests
* fsfs: fix unexpected "database locked" errors
* fsfs: fix opening old repositories without db/format

#### Client-side and server-side bugfixes:

* fix possible crash when reading invalid configuration files

#### Bindings bugfixes:

* swig-pl: do not corrupt "{DATE}" revision variable
* javahl: fix temporary accepting SSL certificates
* swig-pl: fix possible stack corruption

[ 1 ] Bug #1397403 - CVE-2016-8734 subversion: unrestricted XML entity
expansion in mod_dontdothat and Subversion clients using http(s)://

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade subversion' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
