[SECURITY] Fedora 14 Update: subversion-1.6.13-1.fc14

updates at fedoraproject.org updates at fedoraproject.org
Thu Oct 28 06:18:29 UTC 2010

Fedora Update Notification
2010-10-12 02:35:11

Name        : subversion
Product     : Fedora 14
Version     : 1.6.13
Release     : 1.fc14
URL         : http://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

Update Information:

This update includes the latest stable release of Subversion, version 1.6.13.

Subversion servers up to 1.6.12 (inclusive) making use of the
"SVNPathAuthz short_circuit" mod_dav_svn configuration setting have
a bug which may allow users to write and/or read portions of the
repository to which they are not intended to have access.  This issue is fixed in this update.

See http://subversion.apache.org/security/CVE-2010-3315-advisory.txt for further details

A number of bug fixes are also included:

* don't drop properties during foreign-repo merges
* improve auto-props failure error message
* improve error message for 403 status with ra_neon
* don't allow 'merge --reintegrate' for 2-url merges
* improve handling of missing fsfs.conf during hotcopy
* escape unsafe characters in a URL during export
* don't leak stale locks in FSFS
* better detect broken working copies during update over ra_neon
* fsfs: make rev files read-only
* properly canonicalize a URL
* fix wc corruption with 'commit --depth=empty'
* permissions fixes when doing reintegrate merges
* fix mergeinfo miscalculation during 2-url merges
* fix error transmission problems in svnserve
* fixed: record-only merges create self-referential mergeinfo
* make 'svnmucc propset' handle existing and non-existing URLs
* add new 'propsetf' subcommand to svnmucc
* emit a warning about copied dirs during ci with limited depth


* Tue Oct  5 2010 Joe Orton <jorton at redhat.com> - 1.6.13-1
- update to 1.6.13
* Tue Sep  7 2010 Joe Orton <jorton at redhat.com> - 1.6.12-5
- add svnserve init script
- split out -libs subpackage
* Fri Sep  3 2010 Joe Orton <jorton at redhat.com> - 1.6.12-4
- restore PIE support

  [ 1 ] Bug #640317 - CVE-2010-3315 Subversion: Access restriction bypass by checkout of the root of the repository

This update can be installed with the "yum" update program.  Use 
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list