[Bug 836245] New: Apache Subversion maintenance release 1.7.13
https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c0 Summary: Apache Subversion maintenance release 1.7.13 Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Maintenance AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0 from https://svn.apache.org/viewvc/subversion/tags/1.7.13/CHANGES?revision=1516638&view=markup Version 1.7.13 (29 Aug 2013, from /branches/1.7.x) http://svn.apache.org/repos/asf/subversion/tags/1.7.13 User-visible changes: - General * merge: fix bogus mergeinfo with conflicting file merges (issue #4306) * diff: fix duplicated path component in '--summarize' output (issue #4408) * ra_serf: ignore case when checking certificate common names (r1514763) - Server-side bugfixes: * svnserve: fix creation of pid files (r1516556) * mod_dav_svn: better status codes for commit failures (r1490684) * mod_dav_svn: do not map requests to filesystem (r1512432 et al) Developer-visible changes: - General: * support linking against gssapi on Solaris 10 (r1515068) * don't use uninitialized variable to produce an error code (r1482282) - Bindings: * swig-pl: fix SVN::Client not honoring config file settings (r150744) * swig-pl & swig-py: disable unusable svn_fs_set_warning_func (r1515119) Version 1.7.12 (Not released, see changes for 1.7.13.) Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c1
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c2
--- Comment #2 from Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c3
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c4
--- Comment #4 from Andreas Stieger
1.7.13: CVE-2013-4246: svnserve: symlink attack against pid file
Mistake from upstream. This is actually: CVE-2013-4277: svnserve: symlink attack against pid file https://build.opensuse.org/request/show/196923 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c5
Alexander Bergmann
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c6
--- Comment #6 from Alexander Bergmann
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c7
Alexander Bergmann
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c8
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c9
--- Comment #9 from Alexander Bergmann
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c10
--- Comment #10 from Andreas Stieger
Thanks Andreas! It looks like we didn't get any pre-notification for this issue.
The easiest way would be a heads-up to security@suse.de. It's even possible to use GPG (Key ID: 3D25D3D9).
Apache Subversion PMC said that the pre-notifications should be fixed now. http://colabti.org/irclogger/irclogger_log/svn-dev?date=2013-09-04#l133 If you get this info before me for future events, please cc me on the private VUL-* bug and I will prepare and test updates for openSUSE in branch projects without public source access. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c11
Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c13
--- Comment #13 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c14
--- Comment #14 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=836245
https://bugzilla.novell.com/show_bug.cgi?id=836245#c15
Swamp Workflow Management
participants (1)
-
bugzilla_noreply@novell.com