[SECURITY] Fedora 14 Update: subversion-1.6.15-1.fc14
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jan 18 21:35:07 UTC 2011
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0099
2011-01-04 20:15:32
--------------------------------------------------------------------------------
Name : subversion
Product : Fedora 14
Version : 1.6.15
Release : 1.fc14
URL : http://subversion.apache.org/
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.
--------------------------------------------------------------------------------
Update Information:
This release includes the latest Subversion release, fixing several bugs:
* improve svnsync handling of dir copies
* hide unreadable dirs in mod_dav_svn's GET response
* make 'svnmucc propsetf' actually work
* limit memory fragmentation in svnserve
* fix 'svn export' regression from 1.6.13
* fix 'svn export' mistakenly uri-encodes paths
* fix server-side memory leaks triggered by 'blame -g'
* prevent crash in mod_dav_svn when using SVNParentPath
* allow 'log -g' to continue in the face of invalid mergeinfo
* filter unreadable paths for 'svn ls' and 'svn co'
* fix abort in 'svn blame -g'
* fix file handle leak in ruby bindings
* remove check for 1.7-style working copies
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 28 2010 Joe Orton <jorton at redhat.com> - 1.6.15-1
- update to 1.6.15
* Sun Oct 17 2010 Ville Skyttä <ville.skytta at iki.fi> - 1.6.13-3
- Make name based dependencies arch qualified where appropriate (#643714).
* Tue Oct 12 2010 Joe Orton <jorton at redhat.com> - 1.6.13-2
- trim tools/buildbot, tools/dist from docdir
* Tue Oct 5 2010 Joe Orton <jorton at redhat.com> - 1.6.13-1
- update to 1.6.13
* Tue Sep 7 2010 Joe Orton <jorton at redhat.com> - 1.6.12-5
- add svnserve init script
- split out -libs subpackage
* Fri Sep 3 2010 Joe Orton <jorton at redhat.com> - 1.6.12-4
- restore PIE support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #667407 - CVE-2010-4539 Subversion (mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser
https://bugzilla.redhat.com/show_bug.cgi?id=667407
[ 2 ] Bug #667763 - CVE-2010-4644 Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files
https://bugzilla.redhat.com/show_bug.cgi?id=667763
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list