drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in subversion
Name: |
Denial of Service in subversion |
|
ID: |
FEDORA-2021-a3a0273cb2 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 33 |
|
Datum: |
Fr, 12. Februar 2021, 07:14 |
|
Referenzen: |
https://bugzilla.redhat.com/show_bug.cgi?id=1768698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17525
https://bugzilla.redhat.com/show_bug.cgi?id=1927265 |
|
Applikationen: |
Subversion |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2021-a3a0273cb2 2021-02-12 01:40:32.524689 ------------------------------------------------------------------------------- -
Name : subversion Product : Fedora 33 Version : 1.14.1 Release : 1.fc33 URL : https://subversion.apache.org/ Summary : A Modern Concurrent Version Control System Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS.
------------------------------------------------------------------------------- - Update Information:
This update includes the latest stable release of _Apache Subversion_, version **1.14.1**. This release includes the fix for `CVE-2020-17525`, a remote unauthenticated denial-of-service in Subversion mod_authz_svn. The full upstream security advisory for `CVE-2020-17525` is available at: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt ### User- visible changes: #### Client-side improvements and bugfixes: * Fix non- deterministic generation of mergeinfo (issue [SVN-4862](https://issues.apache.org/jira/browse/SVN-4862)) * Fix merge removing a folder with non-inheritable mergeinfo (issue [SVN-4859](https://issues.apache.org/jira/browse/SVN-4859)) * Do not suggest --help -v for commands which do not support -v * Fix invalid SQL quoting in working copy upgrade system * Fix problems in human-readable file size formatting * Improve an error message from svnmucc * Fix 'svn info --xml' gives wrong 'source-right' of conflict (issue [SVN-4869](https://issues.apache.org/jira/browse/SVN-4869)) * Convert filename for editor from UTF-8 to the locale's encoding #### Server-side improvements and bugfixes: * Fix authz doesn't combine global and repository rules (issue [SVN-4762](https://issues.apache.org/jira/browse/SVN-4762)) * Make the hot- backup.py script work with Python 3 * Fix an uninitialized read in FSFS * Make mailer.py work properly with Python 3 * Fix a potential NULL dereference in the config file parser ------------------------------------------------------------------------------- - ChangeLog:
* Wed Feb 10 2021 Joe Orton <jorton@redhat.com> - 1.14.1-1 - update to 1.14.1 (#1927265, #1768698) * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.14.0-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Wed Jan 6 2021 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.14.0-11 - F-34: rebuild against ruby 3.0 * Fri Dec 11 2020 Joe Orton <jorton@redhat.com> - 1.14.0-10 - strip libdir from pkgconfig files - add missing -libs dep from python3-subversion * Thu Dec 3 2020 Joe Orton <jorton@redhat.com> - 1.14.0-9 - fix KWallet conditional (#1902598) * Mon Nov 30 2020 Jan Grulich <jgrulich@redhat.com> - 1.14.0-8 - Disable KWallet for RHEL and ELN Resolves: bz#1902598 * Tue Sep 29 2020 Joe Orton <jorton@redhat.com> - 1.14.0-7 - bump required apr-devel - BR gcc, gcc-c++ ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1768698 - hot-backup.py is no longer working https://bugzilla.redhat.com/show_bug.cgi?id=1768698 [ 2 ] Bug #1927265 - subversion-1.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1927265 [ 3 ] Bug #1927472 - CVE-2020-17525 subversion: Remote unauthenticated denial-of-service in mod_authz_svn [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1927472 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-a3a0273cb2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
|
|
|
|