[SECURITY] Fedora 23 Update: subversion-1.9.3-1.fc23

updates at fedoraproject.org updates at fedoraproject.org
Tue Dec 22 22:09:43 UTC 2015

Fedora Update Notification
2015-12-22 17:48:56.359287

Name        : subversion
Product     : Fedora 23
Version     : 1.9.3
Release     : 1.fc23
URL         : http://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

Update Information:

This update includes the latest stable release of _Apache Subversion_, version
**1.9.3**.  ### User-visible changes: #### Client-side bugfixes: * svn: fix
possible crash in auth credentials cache  * cleanup: avoid unneeded memory
growth during pristine cleanup  * diff: fix crash when repository is on server
root  * fix translations for commit notifications  * ra_serf: fix crash in
multistatus parser  * svn: report lock/unlock errors as failures  * svn: cleanup
user deleted external registrations  * svn: allow simple resolving of binary
file text conflicts  * svnlook: properly remove tempfiles on diff errors  *
ra_serf: report built- and run-time versions of libserf  * ra_serf: set Content-
Type header in outgoing requests  * svn: fix merging deletes of svn:eol-style
CRLF/CR files  * ra_local: disable zero-copy code path  #### Server-side
bugfixes: * mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm ( [issue
4602](http://subversion.tigris.org/issues/show_bug.cgi?id=4602)) * mod_dav_svn:
fix display of process ID in cache statistics  * mod_dav_svn: use
LimitXMLRequestBody for skel-encoded requests  * svnadmin dump: preserve no-op
changes  * fsfs: avoid unneeded I/O when opening transactions  #### Bindings
bugfixes: * javahl: fix ABI incompatibilty with 1.8  * javahl: allow non-
absolute paths in SVNClient.vacuum  ### Developer-visible changes: #### General:
* fix patch filter invocation in svn_client_patch()  * add \@since information
to config defines  * fix running the tests in compatibility mode  * clarify
documentation of svn_fs_node_created_rev()  #### API changes: * fix overflow
detection in svn_stringbuf_remove and _replace  * don't ignore some of the
parameters to svn_ra_svn_create_conn3

  [ 1 ] Bug #1289959 - CVE-2015-5343 subversion: (mod_dav_svn) integer overflow when parsing skel-encoded request bodies
  [ 2 ] Bug #1289958 - CVE-2015-5259 subversion: integer overflow in the svn:// protocol parser

This update can be installed with the "yum" update program. Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list