[SECURITY] Fedora Core 2 Update: subversion-1.0.2-2.1

Joe Orton jorton at redhat.com
Wed May 19 16:19:02 UTC 2004


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-128
2004-05-19
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : subversion
Version     : 1.0.2                      
Release     : 2.1                  
Summary     : Modern Version Control System designed to replace CVS
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

---------------------------------------------------------------------
Update Information:

Stefan Esser discovered an issue in the date parsing routines in
Subversion which allows a buffer overflow.  An attacker could send
malicious requests to a Subversion server (either Apache-based using
mod_dav_svn, or using the svnserve daemon) and perform arbitrary
execution of code.  

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0397 to this issue.  This update includes
packages with a patch for this issue.

---------------------------------------------------------------------
* Sat May 15 2004 Joe Orton <jorton at redhat.com> 1.0.2-2.1

- add security fix for CVE CAN-2004-0397 (Ben Reser)

* Tue May 04 2004 Joe Orton <jorton at redhat.com> 1.0.2-2

- add perl MODULE_COMPAT requirement for -perl subpackage
- move perl man pages into -perl subpackage
- clean up -perl installation and dependencies (Ville Skyttä, #123045)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

92cc070981eae85dc2220126a7cbd9d0  SRPMS/subversion-1.0.2-2.1.src.rpm
2ff7ecbf8f8c10b6ab761c3cbc913bf2  i386/subversion-1.0.2-2.1.i386.rpm
a9e16d37859ee2168af5d2f0e53560a5  i386/subversion-devel-1.0.2-2.1.i386.rpm
6bd4b498f5c13bf4d2b2ad6668c86008  i386/mod_dav_svn-1.0.2-2.1.i386.rpm
bfbbc9af5bbc287f74260bacb3bd3126  i386/subversion-perl-1.0.2-2.1.i386.rpm
8d4671361745f71e67310007ef8c6449  i386/debug/subversion-debuginfo-1.0.2-2.1.i386.rpm
ca4fddfff4fff8a5496e29f3c314d32f  x86_64/subversion-1.0.2-2.1.x86_64.rpm
0af6c873bcffd22fb0e1e4d60bcf1813  x86_64/subversion-devel-1.0.2-2.1.x86_64.rpm
9f8cef2892d8929b76f61562850e0648  x86_64/mod_dav_svn-1.0.2-2.1.x86_64.rpm
3e0bdc13b5fcd141416ec102b8608ac7  x86_64/subversion-perl-1.0.2-2.1.x86_64.rpm
f7d2a0c88fcaeba74ef0bc9c9cb97dc9  x86_64/debug/subversion-debuginfo-1.0.2-2.1.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/announce/attachments/20040519/35d5d3b4/attachment.bin 


More information about the announce mailing list