drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Subversion
Name: |
Ausführen beliebiger Kommandos in Subversion |
|
ID: |
FEDORA-2017-c629f16f6c |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 25 |
|
Datum: |
Fr, 6. Januar 2017, 09:14 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8734 |
|
Applikationen: |
Subversion |
|
Originalnachricht |
Name : subversion Product : Fedora 25 Version : 1.9.5 Release : 1.fc25 URL : http://subversion.apache.org/ Summary : A Modern Concurrent Version Control System Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS.
------------------------------------------------------------------------------- - Update Information:
This update includes the latest stable release of _Apache Subversion_, version **1.9.5**. #### Client-side bugfixes: * fix accessing non-existent paths during reintegrate merge * fix handling of newly secured subdirectories in working copy * info: remove trailing whitespace in --show-item=revision ([issue 4660]show_bug.cgi?id=4660) * fix recording wrong revisions for tree conflicts * gpg-agent: improve discovery of gpg-agent sockets * gpg-agent: fix file descriptor leak * resolve: fix --accept=mine- full for binary files ([issue 4647](http://subversion.tigris.org/issues/show_bug.cgi?id=4647)) * merge: fix possible crash ([issue 4652](http://subversion.tigris.org/issues/show_bug.cgi?id=4652)) * resolve: fix possible crash * fix potential crash in Win32 crash reporter #### Server-side bugfixes: * fsfs: fix "offset too large" error during pack ([issue 4657](http://subversion.tigris.org/issues/show_bug.cgi?id=4657)) * svnserve: enable hook script environments * fsfs: fix possible data reconstruction error ([issue 4658](http://subversion.tigris.org/issues/show_bug.cgi?id=4658)) * fix source of spurious 'incoming edit' tree conflicts * fsfs: improve caching for large directories * fsfs: fix crash when encountering all-zero checksums * fsfs: fix potential source of repository corruptions * mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate ([issue 3084](http://subversion.tigris.org/issues/show_bug.cgi?id=3084)) * mod_dav_svn: reduce memory usage during GET requests * fsfs: fix unexpected "database is locked" errors * fsfs: fix opening old repositories without db/format files #### Client-side and server-side bugfixes: * fix possible crash when reading invalid configuration files #### Bindings bugfixes: * swig-pl: do not corrupt "{DATE}" revision variable * javahl: fix temporary accepting SSL server certificates * swig-pl: fix possible stack corruption ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1397403 - CVE-2016-8734 subversion: unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// https://bugzilla.redhat.com/show_bug.cgi?id=1397403 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade subversion' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|