You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa subversion

Sigurnosni nedostatak programskog paketa subversion

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2017-01-06 05:08:55.107727

Name : subversion
Product : Fedora 25
Version : 1.9.5
Release : 1.fc25
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.

Update Information:

This update includes the latest stable release of _Apache Subversion_, version
**1.9.5**. #### Client-side bugfixes: * fix accessing non-existent paths during
reintegrate merge * fix handling of newly secured subdirectories in working
copy * info: remove trailing whitespace in –show-item=revision ([issue
4660]( * fix recording
wrong revisions for tree conflicts * gpg-agent: improve discovery of gpg-agent
sockets * gpg-agent: fix file descriptor leak * resolve: fix –accept=mine-
full for binary files ([issue
4647]( * merge: fix
possible crash ([issue
4652]( * resolve: fix
possible crash * fix potential crash in Win32 crash reporter #### Server-side
bugfixes: * fsfs: fix “offset too large” error during pack ([issue
4657]( * svnserve:
enable hook script environments * fsfs: fix possible data reconstruction error
([issue 4658]( * fix
source of spurious ‘incoming edit’ tree conflicts * fsfs: improve caching for
large directories * fsfs: fix crash when encountering all-zero checksums *
fsfs: fix potential source of repository corruptions * mod_dav_svn: fix
excessive memory usage with mod_headers/mod_deflate ([issue
3084]( * mod_dav_svn:
reduce memory usage during GET requests * fsfs: fix unexpected “database is
locked” errors * fsfs: fix opening old repositories without db/format files
#### Client-side and server-side bugfixes: * fix possible crash when reading
invalid configuration files #### Bindings bugfixes: * swig-pl: do not corrupt
“{DATE}” revision variable * javahl: fix temporary accepting SSL server
certificates * swig-pl: fix possible stack corruption

[ 1 ] Bug #1397403 – CVE-2016-8734 subversion: unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)://

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade subversion’ at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to

AutorMarko Stanec
Cert idNCERT-REF-2017-01-0066-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa tomcat7

Otkriven je sigurnosni nedostatak u programskom paketu tomcat7 za Debian. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija. Savjetuje se...