Mailinglist Archive: opensuse-updates (130 mails)

< Previous Next >
openSUSE-SU-2013:1869-1: moderate: subversion: update to 1.7.14
openSUSE Security Update: subversion: update to 1.7.14
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1869-1
Rating: moderate
References: #528714 #649861 #662030 #713919 #788015 #794676
#830031 #836245 #850747
Cross-References: CVE-2010-3315 CVE-2010-4539 CVE-2010-4644
CVE-2013-1884 CVE-2013-4131 CVE-2013-4505
CVE-2013-4558
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that solves 7 vulnerabilities and has two fixes
is now available.

Description:

This update fixes the following issues with subversion:
- bnc#850747: update to 1.7.14
* CVE-2013-4505: mod_dontdothat does not restrict
requests from serf clients.
* CVE-2013-4558: mod_dav_svn assertion triggered by
autoversioning commits.

+ Client- and server-side bugfixes:
* fix assertion on urls of the form 'file://./'
+ Client-side bugfixes:
* upgrade: fix an assertion when used with pre-1.3 wcs
* fix externals that point at redirected locations
* diff: fix incorrect calculation of changes in some
cases
* diff: fix errors with added/deleted targets
+ Server-side bugfixes:
* mod_dav_svn: Prevent crashes with some 3rd party
modules
* fix OOM on concurrent requests at threaded server
start
* fsfs: limit commit time of files with deep change
histories
* mod_dav_svn: canonicalize paths properly
+ Other tool improvements and bugfixes:
* mod_dontdothat: Fix the uri parser
+ Developer-visible changes:
* javahl: canonicalize path for streamFileContent method
+ require python-sqlite when running regression tests


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2013-169

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64):

libsvn_auth_gnome_keyring-1-0-1.7.14-59.1
libsvn_auth_gnome_keyring-1-0-debuginfo-1.7.14-59.1
libsvn_auth_kwallet-1-0-1.7.14-59.1
libsvn_auth_kwallet-1-0-debuginfo-1.7.14-59.1
subversion-1.7.14-59.1
subversion-debuginfo-1.7.14-59.1
subversion-debugsource-1.7.14-59.1
subversion-devel-1.7.14-59.1
subversion-perl-1.7.14-59.1
subversion-perl-debuginfo-1.7.14-59.1
subversion-python-1.7.14-59.1
subversion-python-debuginfo-1.7.14-59.1
subversion-ruby-1.7.14-59.1
subversion-ruby-debuginfo-1.7.14-59.1
subversion-server-1.7.14-59.1
subversion-server-debuginfo-1.7.14-59.1
subversion-tools-1.7.14-59.1
subversion-tools-debuginfo-1.7.14-59.1

- openSUSE 11.4 (noarch):

subversion-bash-completion-1.7.14-59.1


References:

http://support.novell.com/security/cve/CVE-2010-3315.html
http://support.novell.com/security/cve/CVE-2010-4539.html
http://support.novell.com/security/cve/CVE-2010-4644.html
http://support.novell.com/security/cve/CVE-2013-1884.html
http://support.novell.com/security/cve/CVE-2013-4131.html
http://support.novell.com/security/cve/CVE-2013-4505.html
http://support.novell.com/security/cve/CVE-2013-4558.html
https://bugzilla.novell.com/528714
https://bugzilla.novell.com/649861
https://bugzilla.novell.com/662030
https://bugzilla.novell.com/713919
https://bugzilla.novell.com/788015
https://bugzilla.novell.com/794676
https://bugzilla.novell.com/830031
https://bugzilla.novell.com/836245
https://bugzilla.novell.com/850747


< Previous Next >
This Thread
  • No further messages