Login
Newsletter
Werbung
Sicherheit: Preisgabe von Informationen in Subversion
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in Subversion
ID: FEDORA-2014-9636
Distribution: Fedora
Plattformen: Fedora 20
Datum: Do, 28. August 2014, 19:08
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522
Applikationen: Subversion

Originalnachricht

 
Name        : subversion
Product     : Fedora 20
Version     : 1.8.10
Release     : 1.fc20
URL         : http://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

-------------------------------------------------------------------------------
-
Update Information:

This update includes the latest stable release of **Apache Subversion**,
 version **1.8.10**.



**Client-side bugfixes:**

* guard against md5 hash collisions when finding cached credentials

* ra_serf: properly match wildcards in SSL certs. 

* ra_serf: ignore the CommonName in SSL certs where there are Subject Alt Names
 

* ra_serf: fix a URI escaping bug that prevented deleting locked paths

* rm: Display the proper URL when deleting a URL in the commit log editor

* log: Fix another instance of broken pipe error

* copy: Properly handle props not present or excluded on cross wc copy

* copy: Fix copying parents of locally deleted nodes between wcs

* externals: Properly delete ancestor directories of externals when removing
 the external by changing svn:externals.

* ra_serf: fix memory lifetime of some hash values 



**Server-side bugfixes:**

* fsfs: omit config file when creating pre-1.5 format repos 



**Bindings:**

* ruby: removing warning about Ruby 1.9 support being new. 

* python: fix notify_func callbacks 


-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Aug 18 2014 Joe Orton <jorton@redhat.com> - 1.8.10-1
- update to 1.8.10 (#1129100, #1128884, #1125800)
* Mon Aug 18 2014 Fedora Release Engineering
 <rel-eng@lists.fedoraproject.org> - 1.8.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering
 <rel-eng@lists.fedoraproject.org> - 1.8.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Joe Orton <jorton@redhat.com> - 1.8.9-1
- update to 1.8.9 (#1100779)
* Tue Apr 29 2014 Vít Ondruch <vondruch@redhat.com> - 1.8.8-3
- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1
* Tue Apr 22 2014 Joe Orton <jorton@redhat.com> - 1.8.8-2
- require minitest 4 to fix tests for Ruby bindings (#1089252)
* Fri Feb 28 2014 Joe Orton <jorton@redhat.com> - 1.8.8-1
- update to 1.8.8
* Thu Jan 23 2014 Joe Orton <jorton@redhat.com> - 1.8.5-4
- fix _httpd_mmn expansion in absence of httpd-devel
* Mon Jan  6 2014 Joe Orton <jorton@redhat.com> - 1.8.5-3
- fix permissions of /run/svnserve (#1048422)
* Tue Dec 10 2013 Joe Orton <jorton@redhat.com> - 1.8.5-2
- don't drop -Wall when building swig Perl bindings (#1037341)
* Tue Nov 26 2013 Joe Orton <jorton@redhat.com> - 1.8.5-1
- update to 1.8.5 (#1034130)
- add fix for wc-queries-test breakage (h/t Andreas Stieger, r1542774)
* Mon Nov 18 2013 Joe Orton <jorton@redhat.com> - 1.8.4-2
- add fix for ppc breakage (Andreas Stieger, #985582)
* Tue Oct 29 2013 Joe Orton <jorton@redhat.com> - 1.8.4-1
- update to 1.8.4
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1125800 - subversion: credentials leak via MD5 collision
 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1125800
  [ 2 ] Bug #1129100 - subversion-1.8.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1129100
  [ 3 ] Bug #1128884 - CVE-2014-3522 subversion: incorrect SSL certificate
 validation in Serf RA (repository access) layer [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1128884
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung