[Bug 836245] New: Apache Subversion maintenance release 1.7.13

newer
[Bug 842382] New: german release...

older
[Bug 841684] New: python-GitPython...

bugzilla_noreply＠novell.com

23 Aug 2013 23 Aug '13

04:44

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c0 Summary: Apache Subversion maintenance release 1.7.13 Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Maintenance AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0 from https://svn.apache.org/viewvc/subversion/tags/1.7.13/CHANGES?revision=1516638&view=markup Version 1.7.13 (29 Aug 2013, from /branches/1.7.x) http://svn.apache.org/repos/asf/subversion/tags/1.7.13 User-visible changes: - General * merge: fix bogus mergeinfo with conflicting file merges (issue #4306) * diff: fix duplicated path component in '--summarize' output (issue #4408) * ra_serf: ignore case when checking certificate common names (r1514763) - Server-side bugfixes: * svnserve: fix creation of pid files (r1516556) * mod_dav_svn: better status codes for commit failures (r1490684) * mod_dav_svn: do not map requests to filesystem (r1512432 et al) Developer-visible changes: - General: * support linking against gssapi on Solaris 10 (r1515068) * don't use uninitialized variable to produce an error code (r1482282) - Bindings: * swig-pl: fix SVN::Client not honoring config file settings (r150744) * swig-pl & swig-py: disable unusable svn_fs_set_warning_func (r1515119) Version 1.7.12 (Not released, see changes for 1.7.13.) Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Show replies by date

bugzilla_noreply＠novell.com

23 Aug 23 Aug

04:44

New subject: [Bug 836245] Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED AssignedTo|bnc-team-screening@forge.pr |Andreas.Stieger@gmx.de |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

29 Aug 29 Aug

19:40

New subject: [Bug 836245] Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c1 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de Severity|Normal |Critical --- Comment #1 from Andreas Stieger 2013-08-29 19:40:35 UTC --- CVE details to follow when public -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

19:41

New subject: [Bug 836245] Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Maintenance |Security AssignedTo|Andreas.Stieger@gmx.de |security-team@suse.de Severity|Critical |Normal -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

19:43

New subject: [Bug 836245] Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|security-team@suse.de |Andreas.Stieger@gmx.de -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

30 Aug 30 Aug

15:53

New subject: [Bug 836245] Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c2 --- Comment #2 from Andreas Stieger 2013-08-30 15:53:19 UTC --- 1.7.13: CVE-2013-4246: svnserve: symlink attack against pid file -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

15:58

New subject: [Bug 836245] Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c3 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO CC| |maintenance@opensuse.org InfoProvider| |security-team@suse.de --- Comment #3 from Andreas Stieger 2013-08-30 15:58:45 UTC --- Maintenance request for this security update: https://build.opensuse.org/request/show/196922 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

16:05

New subject: [Bug 836245] Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c4 --- Comment #4 from Andreas Stieger 2013-08-30 16:05:42 UTC --- (In reply to comment #2)

...

1.7.13: CVE-2013-4246: svnserve: symlink attack against pid file

Mistake from upstream. This is actually: CVE-2013-4277: svnserve: symlink attack against pid file https://build.opensuse.org/request/show/196923 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

3 Sep 3 Sep

10:46

New subject: [Bug 836245] Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:1980:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

15:59

New subject: [Bug 836245] Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c5 Alexander Bergmann changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |abergmann@suse.com --- Comment #5 from Alexander Bergmann 2013-09-03 15:59:04 UTC --- SLE11 SP2/3 is also effected by this. SLE10 SP4 is not effected. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

16:01

New subject: [Bug 836245] Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c6 --- Comment #6 from Alexander Bergmann 2013-09-03 16:01:48 UTC --- Created an attachment (id=555545) --> (http://bugzilla.novell.com/attachment.cgi?id=555545) CVE-2013-4277 fix against subversion-1.8. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

16:04

New subject: [Bug 836245] VUL-1: CVE-2013-4277: subversion: Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c7 Alexander Bergmann changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Andreas.Stieger@gmx.de AssignedTo|Andreas.Stieger@gmx.de |mvyskocil@suse.com Summary|Apache Subversion |VUL-1: CVE-2013-4277: |maintenance release 1.7.13 |subversion: Apache | |Subversion maintenance | |release 1.7.13 Alias| |CVE-2013-4277 --- Comment #7 from Alexander Bergmann 2013-09-03 16:04:41 UTC --- In SLE11 the effected file is subversion/svnserve/main.c. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

16:18

New subject: [Bug 836245] VUL-1: CVE-2013-4277: subversion: Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c8 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|security-team@suse.de | Severity|Normal |Major --- Comment #8 from Andreas Stieger 2013-09-03 16:18:27 UTC --- Advisory: https://subversion.apache.org/security/CVE-2013-4277-advisory.txt I see that updates for openSUSE are on their way: https://build.opensuse.org/project/monitor/openSUSE:Maintenance:1980 In relation to that, the Apache Subversion PMC said that this was pre-notified to the security team one week prior to the release. Is this working for us? (e.g. are we responding in an appropriate fashion, e.g. private notification to package maintainers) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

4 Sep 4 Sep

14:04

New subject: [Bug 836245] VUL-1: CVE-2013-4277: subversion: Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c9 --- Comment #9 from Alexander Bergmann 2013-09-04 14:04:01 UTC --- Thanks Andreas! It looks like we didn't get any pre-notification for this issue. The easiest way would be a heads-up to security@suse.de. It's even possible to use GPG (Key ID: 3D25D3D9). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17:03

New subject: [Bug 836245] VUL-1: CVE-2013-4277: subversion: Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c10 --- Comment #10 from Andreas Stieger 2013-09-04 17:03:28 UTC --- (In reply to comment #9)

...

Thanks Andreas! It looks like we didn't get any pre-notification for this issue.

The easiest way would be a heads-up to security@suse.de. It's even possible to use GPG (Key ID: 3D25D3D9).

Apache Subversion PMC said that the pre-notifications should be fixed now. http://colabti.org/irclogger/irclogger_log/svn-dev?date=2013-09-04#l133 If you get this info before me for future events, please cc me on the private VUL-* bug and I will prepare and test updates for openSUSE in branch projects without public source access. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12 Sep 12 Sep

07:20

New subject: [Bug 836245] VUL-1: CVE-2013-4277: subversion: Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c11 Michal Vyskocil changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|mvyskocil@suse.com |security-team@suse.de --- Comment #11 from Michal Vyskocil 2013-09-12 07:20:09 UTC --- I've backported the fix for subversion 1.6 - sent as 28742 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

13 Sep 13 Sep

07:32

New subject: [Bug 836245] VUL-1: CVE-2013-4277: subversion: Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:1980:moderate | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

08:08

New subject: [Bug 836245] VUL-1: CVE-2013-4277: subversion: Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c13 --- Comment #13 from Swamp Workflow Management 2013-09-13 08:08:08 UTC --- openSUSE-SU-2013:1442-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 836245 CVE References: CVE-2013-4277 Sources used: openSUSE 12.3 (src): subversion-1.7.13-2.16.1 openSUSE 12.2 (src): subversion-1.7.13-4.24.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

24 Sep 24 Sep

16:05

New subject: [Bug 836245] VUL-1: CVE-2013-4277: subversion: Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c14 --- Comment #14 from Swamp Workflow Management 2013-09-24 16:05:14 UTC --- openSUSE-SU-2013:1485-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 836245 CVE References: CVE-2013-4277 Sources used: openSUSE 11.4 (src): subversion-1.6.23-55.2 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

26 Sep 26 Sep

16:55

New subject: [Bug 836245] VUL-1: CVE-2013-4277: subversion: Apache Subversion maintenance release 1.7.13

https://bugzilla.novell.com/show_bug.cgi?id=836245 https://bugzilla.novell.com/show_bug.cgi?id=836245#c15 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:running:54537:importa | |nt --- Comment #15 from Swamp Workflow Management 2013-09-26 16:55:22 UTC --- The SWAMPID for this issue is 54537. This issue was rated as important. Please submit fixed packages until 2013-10-03. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

3872

Age (days ago)

3906

Last active (days ago)

List overview

Download

19 comments

1 participants

participants (1)

bugzilla_noreply＠novell.com