[ubuntu/karmic-security] subversion_1.6.5dfsg-1ubuntu1.1_i386_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.1_powerpc_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.1_armel_translations.tar.gz, subversion, subversion_1.6.5dfsg-1ubuntu1.1_amd64_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.1_ia64_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.1_lpia_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.1_sparc_translations.tar.gz (delayed) 1.6.5dfsg-1ubuntu1.1 (Accepted)

Tue Feb 1 14:05:50 UTC 2011

subversion (1.6.5dfsg-1ubuntu1.1) karmic-security; urgency=low

  * SECURITY UPDATE: restriction bypass via named repo as a rule scope
    - debian/patches/CVE-2010-3315.patch: use repo_basename in
      subversion/mod_dav_svn/authz.c.
    - CVE-2010-3315
  * SECURITY UPDATE: denial of service via SVNParentPath walking
    - debian/patches/CVE-2010-4539.patch: don't try and walk SVNParentPath
      collection in subversion/mod_dav_svn/repos.c.
    - CVE-2010-4539
  * SECURITY UPDATE: denial of service via -g memory leaks
    - debian/patches/CVE-2010-4644.patch: improve logic in
      subversion/libsvn_repos/rev_hunt.c.
    - CVE-2010-4644

Date: Fri, 14 Jan 2011 12:39:35 -0600
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/subversion/1.6.5dfsg-1ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Fri, 14 Jan 2011 12:39:35 -0600
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn python-subversion python-subversion-dbg subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 libsvn-ruby
Architecture: source
Version: 1.6.5dfsg-1ubuntu1.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libapache2-svn - Subversion server modules for Apache
 libsvn-dev - Development files for Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Subversion
 libsvn-perl - Perl bindings for Subversion
 libsvn-ruby - Ruby bindings for Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Subversion
 libsvn1    - Shared libraries used by Subversion
 python-subversion - Python bindings for Subversion
 python-subversion-dbg - Python bindings for Subversion (debug extension)
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Subversion
Changes: 
 subversion (1.6.5dfsg-1ubuntu1.1) karmic-security; urgency=low
 .
   * SECURITY UPDATE: restriction bypass via named repo as a rule scope
     - debian/patches/CVE-2010-3315.patch: use repo_basename in
       subversion/mod_dav_svn/authz.c.
     - CVE-2010-3315
   * SECURITY UPDATE: denial of service via SVNParentPath walking
     - debian/patches/CVE-2010-4539.patch: don't try and walk SVNParentPath
       collection in subversion/mod_dav_svn/repos.c.
     - CVE-2010-4539
   * SECURITY UPDATE: denial of service via -g memory leaks
     - debian/patches/CVE-2010-4644.patch: improve logic in
       subversion/libsvn_repos/rev_hunt.c.
     - CVE-2010-4644
Checksums-Sha1: 
 f7f33c9ec72584c5fd72654ddeaa4a514e1de76a 2667 subversion_1.6.5dfsg-1ubuntu1.1.dsc
 d1988e1742d5be64e14380f8f3ec82d18ad82fd8 96345 subversion_1.6.5dfsg-1ubuntu1.1.diff.gz
Checksums-Sha256: 
 55e460b61ae88481efd5bf1f912b907b0d84e51a528a1bf0552cb536e351e402 2667 subversion_1.6.5dfsg-1ubuntu1.1.dsc
 cce7d298685262c6ca588aa5f68e7d1f45d0226eab413707fbcb132675f5a0f6 96345 subversion_1.6.5dfsg-1ubuntu1.1.diff.gz
Files: 
 daa5708ecf2b7e4138198251002be635 2667 vcs optional subversion_1.6.5dfsg-1ubuntu1.1.dsc
 5817c173a3832f3dc38e0356c291c3d4 96345 vcs optional subversion_1.6.5dfsg-1ubuntu1.1.diff.gz
Original-Maintainer: Peter Samuelson <peter at p12n.org>