[ubuntu/oneiric] subversion 1.6.12dfsg-4ubuntu5 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Aug 5 17:05:19 UTC 2011 

subversion (1.6.12dfsg-4ubuntu5) oneiric; urgency=low

  * SECURITY UPDATE: denial of service via baselined WebDAV resource
    request
    - debian/patches/CVE-2011-1752.patch: disallow GETs of baselined
      versions of resources in subversion/mod_dav_svn/repos.c.
    - CVE-2011-1752
  * SECURITY UPDATE: mod_dav_svn resource exhaustion via infinite loop
    - debian/patches/CVE-2011-1783.patch: validate path in
      subversion/libsvn_repos/authz.c.
    - CVE-2011-1783
  * SECURITY UPDATE: mod_dav_svn permissions bypass via incorrect
    resource URL
    - debian/patches/CVE-2011-1921.patch: validate path in
      subversion/mod_dav_svn/authz.c.
    - CVE-2011-1921

Date: Fri, 05 Aug 2011 10:53:00 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/subversion/1.6.12dfsg-4ubuntu5
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Aug 2011 10:53:00 -0400
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn python-subversion python-subversion-dbg subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 libsvn-ruby
Architecture: source
Version: 1.6.12dfsg-4ubuntu5
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libapache2-svn - Subversion server modules for Apache
 libsvn-dev - Development files for Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Subversion
 libsvn-perl - Perl bindings for Subversion
 libsvn-ruby - Ruby bindings for Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Subversion
 libsvn1    - Shared libraries used by Subversion
 python-subversion - Python bindings for Subversion
 python-subversion-dbg - Python bindings for Subversion (debug extension)
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Subversion
Changes: 
 subversion (1.6.12dfsg-4ubuntu5) oneiric; urgency=low
 .
   * SECURITY UPDATE: denial of service via baselined WebDAV resource
     request
     - debian/patches/CVE-2011-1752.patch: disallow GETs of baselined
       versions of resources in subversion/mod_dav_svn/repos.c.
     - CVE-2011-1752
   * SECURITY UPDATE: mod_dav_svn resource exhaustion via infinite loop
     - debian/patches/CVE-2011-1783.patch: validate path in
       subversion/libsvn_repos/authz.c.
     - CVE-2011-1783
   * SECURITY UPDATE: mod_dav_svn permissions bypass via incorrect
     resource URL
     - debian/patches/CVE-2011-1921.patch: validate path in
       subversion/mod_dav_svn/authz.c.
     - CVE-2011-1921
Checksums-Sha1: 
 8fd66545bb778bf5177b414d11db8641de378abf 2702 subversion_1.6.12dfsg-4ubuntu5.dsc
 1f7d866ff1324e12fe1fd7f51c468a2395a3164a 112212 subversion_1.6.12dfsg-4ubuntu5.diff.gz
Checksums-Sha256: 
 42f4715ea59637f4eb94218d8481b5e279acb48ed080595f72fea147aec290bc 2702 subversion_1.6.12dfsg-4ubuntu5.dsc
 1a074f8559065fef62742248c6869c720af68e87731b8bf3857ad16cf780e5a8 112212 subversion_1.6.12dfsg-4ubuntu5.diff.gz
Files: 
 77d64fda52d4463a6ea7dd70f61efa57 2702 vcs optional subversion_1.6.12dfsg-4ubuntu5.dsc
 bd0313412f7090db8d12632c1b50f650 112212 vcs optional subversion_1.6.12dfsg-4ubuntu5.diff.gz
Original-Maintainer: Peter Samuelson <peter at p12n.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJOPCIUAAoJEGVp2FWnRL6TJh0P/0ENNhvBocZpW+XbVSm30axe
OswTUumgESS9M66QKMX/90p3Sd2nKgqZnaRQPtsqsxpBQ7j5DtLLBVONnQiSt1ZH
UpJNsLIvU8SW4EEM+MMeO95Z45jN4ZP1OcUbaa9DAgwuB0qmD/sao+tz0v8YvP+F
1Em0OkVk/1uTDtUzmzTJE89kYAoslghy029YqVxxCntnNVpO2A0ignx+l1pJmrpc
tojsz/e4UseypsgBdF9ZEWLbm3z8lrYEI3LrbARciHKFYsaZlHjw2nL66RRC7Rvz
zceEv9LTjSO9TBy0N5Mtm6vhXDRaQAwY30J2539gvFocfjvYitRPnRuZwUVP8xYc
exYoAVGmK38BoUn9xk5ZfjHu7jdAb/X/z+aOJHnkGPTRTr5GAD3NsIiPVaVeBiaj
DAKGNDT+WYGhz6y3mJXVI/c7l7l5TnEwnbETd9hAiY1OjEkRX/3yRhWmqHSGyDyy
INMtBbSx93WdQuTa7hGOZBRZrtthPPgFXZqgZJH1n4zng0szXsvoRf2G1Mf+edxN
H5abOWmpyjCNb7VwUVJaL3T+aUYXy3aEd2EFoiZ9e0gDGcqZ/vNCljGknqrgXOQf
JteHZOMaWyjoHbFHw1ERdW5Xk/6jxNzm+C6X+DDmjOWEQMC5YqoPa2y02O5oQ+At
5vgsSPTfNukNCTKfQxOq
=X94d
-----END PGP SIGNATURE-----

More information about the Oneiric-changes mailing list