[SECURITY] Fedora 14 Update: subversion-1.6.15-1.fc14

Tue Jan 18 21:35:07 UTC 2011

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0099
2011-01-04 20:15:32
--------------------------------------------------------------------------------

Name        : subversion
Product     : Fedora 14
Version     : 1.6.15
Release     : 1.fc14
URL         : http://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

--------------------------------------------------------------------------------
Update Information:

This release includes the latest Subversion release, fixing several bugs:

* improve svnsync handling of dir copies 
* hide unreadable dirs in mod_dav_svn's GET response
* make 'svnmucc propsetf' actually work
* limit memory fragmentation in svnserve
* fix 'svn export' regression from 1.6.13
* fix 'svn export' mistakenly uri-encodes paths
* fix server-side memory leaks triggered by 'blame -g'
* prevent crash in mod_dav_svn when using SVNParentPath
* allow 'log -g' to continue in the face of invalid mergeinfo
* filter unreadable paths for 'svn ls' and 'svn co'
* fix abort in 'svn blame -g'
* fix file handle leak in ruby bindings
* remove check for 1.7-style working copies

--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 28 2010 Joe Orton <jorton at redhat.com> - 1.6.15-1
- update to 1.6.15
* Sun Oct 17 2010 Ville Skyttä <ville.skytta at iki.fi> - 1.6.13-3
- Make name based dependencies arch qualified where appropriate (#643714).
* Tue Oct 12 2010 Joe Orton <jorton at redhat.com> - 1.6.13-2
- trim tools/buildbot, tools/dist from docdir
* Tue Oct  5 2010 Joe Orton <jorton at redhat.com> - 1.6.13-1
- update to 1.6.13
* Tue Sep  7 2010 Joe Orton <jorton at redhat.com> - 1.6.12-5
- add svnserve init script
- split out -libs subpackage
* Fri Sep  3 2010 Joe Orton <jorton at redhat.com> - 1.6.12-4
- restore PIE support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #667407 - CVE-2010-4539 Subversion (mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser
        https://bugzilla.redhat.com/show_bug.cgi?id=667407
  [ 2 ] Bug #667763 - CVE-2010-4644 Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files
        https://bugzilla.redhat.com/show_bug.cgi?id=667763
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------