Security vulnerabilities in the subversion software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2015-12-22 17:48:56.359287

Name : subversion
Product : Fedora 23
Version : 1.9.3
Release : 1.fc23
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.

Update Information:

This update includes the latest stable release of _Apache Subversion_, version
**1.9.3**.

### User-visible changes:

#### Client-side bugfixes:

* svn: fix possible crash in auth credentials cache
* cleanup: avoid unneeded memory growth during pristine cleanup
* diff: fix crash when repository is on server root
* fix translations for commit notifications
* ra_serf: fix crash in multistatus parser
* svn: report lock/unlock errors as failures
* svn: cleanup user deleted external registrations
* svn: allow simple resolving of binary file text conflicts
* svnlook: properly remove tempfiles on diff errors
* ra_serf: report built- and run-time versions of libserf
* ra_serf: set Content-Type header in outgoing requests
* svn: fix merging deletes of svn:eol-style CRLF/CR files
* ra_local: disable zero-copy code path

#### Server-side bugfixes:

* mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (issue 4602)
* mod_dav_svn: fix display of process ID in cache statistics
* mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
* svnadmin dump: preserve no-op changes
* fsfs: avoid unneeded I/O when opening transactions

#### Bindings bugfixes:

* javahl: fix ABI incompatibility with 1.8
* javahl: allow non-absolute paths in SVNClient.vacuum

### Developer-visible changes:

#### General:

* fix patch filter invocation in svn_client_patch()
* add @since information to config defines
* fix running the tests in compatibility mode
* clarify documentation of svn_fs_node_created_rev()

#### API changes:

* fix overflow detection in svn_stringbuf_remove and _replace
* don’t ignore some of the parameters to svn_ra_svn_create_conn3

[ 1 ] Bug #1289959 – CVE-2015-5343 subversion: (mod_dav_svn) integer overflow when parsing skel-encoded request bodies
[ 2 ] Bug #1289958 – CVE-2015-5259 subversion: integer overflow in the svn:// protocol parser

This update can be installed with the “yum” update program. Use
su -c 'yum update subversion' at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Marijo Plepelic
Cert ID: NCERT-REF-2015-12-0011-ADV
