Security: Two problems in Subversion
Name: Two problems in Subversion
ID: FEDORA-2015-afdb0e8aaa
Distribution: Fedora
Platforms: Fedora 23
Date: Tue, 22 December 2015, 23:16
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343
Applications: Subversion


Name : subversion
Product : Fedora 23
Version : 1.9.3
Release : 1.fc23
URL : http://subversion.apache.org/
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.

Update Information:

This update includes the latest stable release of _Apache Subversion_, version
**1.9.3**.

### User-visible changes:

#### Client-side bugfixes:

* svn: fix possible crash in auth credentials cache
* cleanup: avoid unneeded memory growth during pristine cleanup
* diff: fix crash when repository is on server root
* fix translations for commit notifications
* ra_serf: fix crash in multistatus parser
* svn: report lock/unlock errors as failures
* svn: user deleted external registrations
* svn: allow simple resolving of binary file text conflicts
* svnlook: properly remove tempfiles on diff errors
* ra_serf: report built- and run-time versions of libserf
* ra_serf: set Type header in outgoing requests
* svn: fix merging deletes of svn:eol-style CRLF/CR files
* ra_local: disable zero-copy code path

#### Server-side bugfixes:

* mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm ([issue 4602](http://subversion.tigris.org/issues/show_bug.cgi?id=4602))
* mod_dav_svn: fix display of process ID in cache statistics
* mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
* svnadmin dump: preserve no-op changes
* fsfs: avoid unneeded I/O when opening transactions

#### Bindings bugfixes:

* javahl: fix ABI incompatibility with 1.8
* javahl: allow non-absolute paths in SVNClient.vacuum

### Developer-visible changes:

####

* fix patch filter invocation in svn_client_patch()
* add @since information to config defines
* fix running the tests in compatibility mode
* clarify documentation of svn_fs_node_created_rev()

#### API changes:

* fix overflow detection in svn_stringbuf_remove and _replace
* don't ignore some of the parameters to svn_ra_svn_create_conn3

[ 1 ] Bug #1289959 - CVE-2015-5343 subversion: (mod_dav_svn) integer overflow
when parsing skel-encoded request bodies
[ 2 ] Bug #1289958 - CVE-2015-5259 subversion: integer overflow in the svn://
protocol parser

This update can be installed with the "yum" update program. Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
