[SECURITY] Fedora 7 Update: subversion-1.4.4-1.fc7

updates at fedoraproject.org updates at fedoraproject.org
Mon Oct 29 19:02:42 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2635
2007-10-29 19:02:36.986453
--------------------------------------------------------------------------------

Name        : subversion
Product     : Fedora 7
Version     : 1.4.4
Release     : 1.fc7
URL         : http://subversion.tigris.org/
Summary     : Modern Version Control System designed to replace CVS
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

--------------------------------------------------------------------------------
Update Information:

This update includes the Subversion 1.4.4 release, including a number of bug fixes and a fix for a minor security issue.

An issue was discovered in the implementation of access control for revision properties in the path-based authorization code.  In a repository using path-based access control, if a path was copied  from a private area to a public area, the revision properties of the (private) source path would become visible despite the access control restrictions.  (CVE-2007-2448)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  3 2007 Joe Orton <jorton at redhat.com> 1.4.4-1.fc7
- update to 1.4.4
- add Provides: svn (#245087)
- fix without-java build (Lennert Buytenhek, #245467)
* Wed Apr 11 2007 Joe Orton <jorton at redhat.com> 1.4.3-5
- fix version of apr/apr-util in BR (#216181)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #243856 - CVE-2007-2448 New subversion release fixes a subtle security bug [F7]
        https://bugzilla.redhat.com/show_bug.cgi?id=243856
  [ 2 ] Bug #245087 - add Provides: svn to subversion package
        https://bugzilla.redhat.com/show_bug.cgi?id=245087
  [ 3 ] CVE-2007-2448
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2448
--------------------------------------------------------------------------------
Updated packages:

9140f3d533f3b2eab81f5085c01d228932747734 mod_dav_svn-1.4.4-1.fc7.ppc64.rpm
49f634ec8b90de6bd9900641363a7e256bd270bc subversion-1.4.4-1.fc7.ppc64.rpm
eea8211bd6ffe879abbc1339554c2a8f65b9488b subversion-debuginfo-1.4.4-1.fc7.ppc64.rpm
f29dbc29ff87c4c453b4939bb6dd1792611ba3f9 subversion-perl-1.4.4-1.fc7.ppc64.rpm
426f66e79b4622db09d2973bd7de8fc2d2692946 subversion-devel-1.4.4-1.fc7.ppc64.rpm
52e7783cabf931a1b3f87d940656a78edc4d7e5e subversion-javahl-1.4.4-1.fc7.ppc64.rpm
2fcb68075dd8093814b3bb65841634bde91d3642 subversion-ruby-1.4.4-1.fc7.ppc64.rpm
93dc442b4b1b907fb35ee3af396dfc487be5c7b8 mod_dav_svn-1.4.4-1.fc7.i386.rpm
660f8fa55b6bb30ee4200c1ac139abfda7b08bc8 subversion-javahl-1.4.4-1.fc7.i386.rpm
839f9c218f88a865ebfad9d9c2738e6894205e6c subversion-ruby-1.4.4-1.fc7.i386.rpm
cf08ccd894457b1edf8f71f727fabd94ebbc0870 subversion-devel-1.4.4-1.fc7.i386.rpm
3873b83a1a18a770faf16d05ac5dc8bcf821379f subversion-debuginfo-1.4.4-1.fc7.i386.rpm
b7fc96f74a137cc2712465df83baf2dfb4d40990 subversion-perl-1.4.4-1.fc7.i386.rpm
40cfafe8ffa7b53a4de80b85a24536b35f641c39 subversion-1.4.4-1.fc7.i386.rpm
4e80678e83362fe11015513db50026a9326f9f8a subversion-javahl-1.4.4-1.fc7.x86_64.rpm
a6d23313c174780eae8afab617b76174752dd1b3 subversion-perl-1.4.4-1.fc7.x86_64.rpm
a19ff5b88367b8a1403cd5b3d777f35c5d4ce73a subversion-ruby-1.4.4-1.fc7.x86_64.rpm
35e35e7b7a2c3388a92d0abd867ccfffc367fdb4 mod_dav_svn-1.4.4-1.fc7.x86_64.rpm
84baa7fdcd6888a683aadb226a9c4455142a5c4d subversion-devel-1.4.4-1.fc7.x86_64.rpm
d1498fbb8fb8e84a1920cfcb6c6b39632ee4c1c2 subversion-debuginfo-1.4.4-1.fc7.x86_64.rpm
8138cc509033c0d3f90ea7ccf430292137dd36f8 subversion-1.4.4-1.fc7.x86_64.rpm
5b9a3673406e717b1b07eb5550830cc2649c00ae subversion-devel-1.4.4-1.fc7.ppc.rpm
3c22c3b1137a3e70602fff4ff7c92d2e40c25c8e subversion-ruby-1.4.4-1.fc7.ppc.rpm
1a9c994391077650bab1a2a4d2dd92540c5e6e6e subversion-perl-1.4.4-1.fc7.ppc.rpm
c7bde220e48e508cb44307b308b9c9bf78d9db2d subversion-javahl-1.4.4-1.fc7.ppc.rpm
2a0384919bad2567ce2ffa556bd0bf7c78648d5b subversion-1.4.4-1.fc7.ppc.rpm
eba6cbdb27b449004674499d9cf922893d7084ea subversion-debuginfo-1.4.4-1.fc7.ppc.rpm
92f90db0d2f2b6e2fb700b5c95f9d7c966e1e3b3 mod_dav_svn-1.4.4-1.fc7.ppc.rpm
ac482709364bf8f854c250350fe4402141e54932 subversion-1.4.4-1.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update subversion' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the package-announce mailing list