You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa subversion

Sigurnosni nedostatak programskog paketa subversion

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-9521
2014-08-19 05:20:33
——————————————————————————–

Name : subversion
Product : Fedora 19
Version : 1.7.18
Release : 1.fc19
URL : http://subversion.apache.org/
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.

——————————————————————————–
Update Information:

This update includes the latest stable release of **Apache Subversion** 1.7, version **1.7.18**, fixing a minor security issue.

**Client-side bugfixes:**
* guard against md5 hash collisions when finding cached credentials (CVE-2014-3528). See:

http://subversion.apache.org/security/CVE-2014-3528-advisory.txt

**Developer-visible changes**
**General:**
* fix ocassional failure in checkout_tests.py test 12.

——————————————————————————–
ChangeLog:

* Mon Aug 18 2014 Joe Orton <jorton@redhat.com> – 1.7.18-1
– update to 1.7.18
* Mon Jun 9 2014 Joe Orton <jorton@redhat.com> – 1.7.17-1
– update to 1.7.17
* Mon Mar 3 2014 Joe Orton <jorton@redhat.com> – 1.7.16-1
– update to 1.7.16
* Tue Nov 26 2013 Joe Orton <jorton@redhat.com> – 1.7.14-1
– update to 1.7.14 (#1034377)
* Tue Sep 3 2013 Joe Orton <jorton@redhat.com> – 1.7.13-1
– update to 1.7.13 (#1003070)
– move bash completions out of /etc (#922993)
* Thu Jul 25 2013 Joe Orton <jorton@redhat.com> – 1.7.11-1
– update to 1.7.11
– use full relro in mod_dav_svn build (#973694)
——————————————————————————–
References:

[ 1 ] Bug #1125799 – CVE-2014-3528 subversion: credentials leak via MD5 collision
https://bugzilla.redhat.com/show_bug.cgi?id=1125799
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update subversion’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-9636
2014-08-21 07:55:28
——————————————————————————–

Name : subversion
Product : Fedora 20
Version : 1.8.10
Release : 1.fc20
URL : http://subversion.apache.org/
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.

——————————————————————————–
Update Information:

This update includes the latest stable release of **Apache Subversion**, version **1.8.10**.

**Client-side bugfixes:**
* guard against md5 hash collisions when finding cached credentials
* ra_serf: properly match wildcards in SSL certs.
* ra_serf: ignore the CommonName in SSL certs where there are Subject Alt Names
* ra_serf: fix a URI escaping bug that prevented deleting locked paths
* rm: Display the proper URL when deleting a URL in the commit log editor
* log: Fix another instance of broken pipe error
* copy: Properly handle props not present or excluded on cross wc copy
* copy: Fix copying parents of locally deleted nodes between wcs
* externals: Properly delete ancestor directories of externals when removing the external by changing svn:externals.
* ra_serf: fix memory lifetime of some hash values

**Server-side bugfixes:**
* fsfs: omit config file when creating pre-1.5 format repos

**Bindings:**
* ruby: removing warning about Ruby 1.9 support being new.
* python: fix notify_func callbacks

——————————————————————————–
ChangeLog:

* Mon Aug 18 2014 Joe Orton <jorton@redhat.com> – 1.8.10-1
– update to 1.8.10 (#1129100, #1128884, #1125800)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.8.9-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.8.9-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Joe Orton <jorton@redhat.com> – 1.8.9-1
– update to 1.8.9 (#1100779)
* Tue Apr 29 2014 Vít Ondruch <vondruch@redhat.com> – 1.8.8-3
– Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1
* Tue Apr 22 2014 Joe Orton <jorton@redhat.com> – 1.8.8-2
– require minitest 4 to fix tests for Ruby bindings (#1089252)
* Fri Feb 28 2014 Joe Orton <jorton@redhat.com> – 1.8.8-1
– update to 1.8.8
* Thu Jan 23 2014 Joe Orton <jorton@redhat.com> – 1.8.5-4
– fix _httpd_mmn expansion in absence of httpd-devel
* Mon Jan 6 2014 Joe Orton <jorton@redhat.com> – 1.8.5-3
– fix permissions of /run/svnserve (#1048422)
* Tue Dec 10 2013 Joe Orton <jorton@redhat.com> – 1.8.5-2
– don’t drop -Wall when building swig Perl bindings (#1037341)
* Tue Nov 26 2013 Joe Orton <jorton@redhat.com> – 1.8.5-1
– update to 1.8.5 (#1034130)
– add fix for wc-queries-test breakage (h/t Andreas Stieger, r1542774)
* Mon Nov 18 2013 Joe Orton <jorton@redhat.com> – 1.8.4-2
– add fix for ppc breakage (Andreas Stieger, #985582)
* Tue Oct 29 2013 Joe Orton <jorton@redhat.com> – 1.8.4-1
– update to 1.8.4
——————————————————————————–
References:

[ 1 ] Bug #1125800 – subversion: credentials leak via MD5 collision [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1125800
[ 2 ] Bug #1129100 – subversion-1.8.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1129100
[ 3 ] Bug #1128884 – CVE-2014-3522 subversion: incorrect SSL certificate validation in Serf RA (repository access) layer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1128884
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update subversion’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

AutorMarijo Plepelic
Cert idNCERT-REF-2014-08-0013-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa GNU Libtasn1

Otkriveni su sigurnosni nedostaci u programskom paketu GNU Libtasn1. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanjem usluge. Svim korisnicima...

Close