[Bug 830031] New: Apache Subversion 1.7.11 maintenance release
https://bugzilla.novell.com/show_bug.cgi?id=830031 https://bugzilla.novell.com/show_bug.cgi?id=830031#c0 Summary: Apache Subversion 1.7.11 maintenance release Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Maintenance AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0 the following release is being prepared. Version 1.7.11 (23 Jul 2013, from /branches/1.7.x) http://svn.apache.org/repos/asf/subversion/tags/1.7.11 User-visible changes: - General * translation updates for Simplified Chinese - Server-side bugfixes: * mod_dav_svn: fix incorrect path canonicalization (r1503528) - Other tool improvements and bugfixes: * fix argument processing in contrib hook scripts (r1485350) Developer-visible changes: - Bindings: * javahl: fix bug in error constructing code (r1405922) Reproducible: Always Steps to Reproduce: 1. svn --version Actual Results: svn, version 1.7.10 (r1485443) Expected Results: svn, version 1.7.11 (r1503888) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=830031 https://bugzilla.novell.com/show_bug.cgi?id=830031#c Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED AssignedTo|bnc-team-screening@forge.pr |Andreas.Stieger@gmx.de |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=830031 https://bugzilla.novell.com/show_bug.cgi?id=830031#c1 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|ASSIGNED |NEEDINFO CC| |security-team@suse.de InfoProvider| |maintenance@opensuse.org --- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-07-24 17:48:09 UTC --- 1.7.11 and 1.8.1 releases address one security issue: CVE-2013-4131: mod_dav_svn assertion from requests against root path. https://subversion.apache.org/security/CVE-2013-4131-advisory.txt 1.7.11 Maintenance requests for openSUSE 12.2 and 12.3: https://build.opensuse.org/request/show/184222 1.8.1 SR to openSUSE:Factory: https://build.opensuse.org/request/show/184223 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=830031 https://bugzilla.novell.com/show_bug.cgi?id=830031#c2 --- Comment #2 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-07-24 20:00:07 CEST --- This is an autogenerated message for OBS integration: This bug (830031) was mentioned in https://build.opensuse.org/request/show/184224 Factory / subversion -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=830031 https://bugzilla.novell.com/show_bug.cgi?id=830031#c3 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |meissner@suse.com InfoProvider|maintenance@opensuse.org | Summary|Apache Subversion 1.7.11 |VUL-0: CVE-2013-4131: |maintenance release |subversion: Apache | |Subversion 1.7.11 | |maintenance release Alias| |CVE-2013-4131 --- Comment #3 from Marcus Meissner <meissner@suse.com> 2013-07-25 06:43:41 UTC --- as there is a security issue, security is tracking this.
From the advisory linked: Subversion 1.8.1 Subversion 1.7.11 svnserve (any version) is not vulnerable. Subversion 1.6.x is not vulnerable.
So SLE is not affected. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=830031 https://bugzilla.novell.com/show_bug.cgi?id=830031#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:1884:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=830031 https://bugzilla.novell.com/show_bug.cgi?id=830031#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:1884:moderate | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=830031 https://bugzilla.novell.com/show_bug.cgi?id=830031#c4 --- Comment #4 from Swamp Workflow Management <swamp@suse.de> 2013-08-01 08:04:22 UTC --- openSUSE-SU-2013:1286-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 830031 CVE References: CVE-2013-4131 Sources used: openSUSE 12.3 (src): subversion-1.7.11-2.12.1 openSUSE 12.2 (src): subversion-1.7.11-4.20.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=830031 https://bugzilla.novell.com/show_bug.cgi?id=830031#c5 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |FIXED --- Comment #5 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-08-23 12:41:24 UTC --- updates released, closing -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=830031 https://bugzilla.novell.com/show_bug.cgi?id=830031#c6 --- Comment #6 from Swamp Workflow Management <swamp@suse.de> 2013-12-13 13:06:01 UTC --- openSUSE-SU-2013:1869-1: An update that solves 7 vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 528714,649861,662030,713919,788015,794676,830031,836245,850747 CVE References: CVE-2010-3315,CVE-2010-4539,CVE-2010-4644,CVE-2013-1884,CVE-2013-4131,CVE-2013-4505,CVE-2013-4558 Sources used: openSUSE 11.4 (src): subversion-1.7.14-59.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com