[SECURITY] Fedora 23 Update: subversion-1.9.3-1.fc23
updates at fedoraproject.org
updates at fedoraproject.org
Tue Dec 22 22:09:43 UTC 2015
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-afdb0e8aaa
2015-12-22 17:48:56.359287
--------------------------------------------------------------------------------
Name : subversion
Product : Fedora 23
Version : 1.9.3
Release : 1.fc23
URL : http://subversion.apache.org/
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.
--------------------------------------------------------------------------------
Update Information:
This update includes the latest stable release of _Apache Subversion_, version
**1.9.3**. ### User-visible changes: #### Client-side bugfixes: * svn: fix
possible crash in auth credentials cache * cleanup: avoid unneeded memory
growth during pristine cleanup * diff: fix crash when repository is on server
root * fix translations for commit notifications * ra_serf: fix crash in
multistatus parser * svn: report lock/unlock errors as failures * svn: cleanup
user deleted external registrations * svn: allow simple resolving of binary
file text conflicts * svnlook: properly remove tempfiles on diff errors *
ra_serf: report built- and run-time versions of libserf * ra_serf: set Content-
Type header in outgoing requests * svn: fix merging deletes of svn:eol-style
CRLF/CR files * ra_local: disable zero-copy code path #### Server-side
bugfixes: * mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm ( [issue
4602](http://subversion.tigris.org/issues/show_bug.cgi?id=4602)) * mod_dav_svn:
fix display of process ID in cache statistics * mod_dav_svn: use
LimitXMLRequestBody for skel-encoded requests * svnadmin dump: preserve no-op
changes * fsfs: avoid unneeded I/O when opening transactions #### Bindings
bugfixes: * javahl: fix ABI incompatibilty with 1.8 * javahl: allow non-
absolute paths in SVNClient.vacuum ### Developer-visible changes: #### General:
* fix patch filter invocation in svn_client_patch() * add \@since information
to config defines * fix running the tests in compatibility mode * clarify
documentation of svn_fs_node_created_rev() #### API changes: * fix overflow
detection in svn_stringbuf_remove and _replace * don't ignore some of the
parameters to svn_ra_svn_create_conn3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1289959 - CVE-2015-5343 subversion: (mod_dav_svn) integer overflow when parsing skel-encoded request bodies
https://bugzilla.redhat.com/show_bug.cgi?id=1289959
[ 2 ] Bug #1289958 - CVE-2015-5259 subversion: integer overflow in the svn:// protocol parser
https://bugzilla.redhat.com/show_bug.cgi?id=1289958
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list