[ubuntu/precise-security] subversion 1.6.17dfsg-3ubuntu3.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Jun 27 17:09:24 UTC 2013 

subversion (1.6.17dfsg-3ubuntu3.3) precise-security; urgency=low

  * SECURITY UPDATE: denial of service in mod_dav_svn
    - debian/patches/CVE-2013-1845.patch: handle multiple calls in
      subversion/mod_dav_svn/dav_svn.h, subversion/mod_dav_svn/deadprops.c.
    - CVE-2013-1845
  * SECURITY UPDATE: denial of service in mod_dav_svn via LOCK
    - debian/patches/CVE-2013-1846_1847.patch: properly validate locks in
      subversion/mod_dav_svn/lock.c.
    - CVE-2013-1846
    - CVE-2013-1847
  * SECURITY UPDATE: denial of service in mod_dav_svn via PROPFIND
    - debian/patches/CVE-2013-1849.patch: validate type in
      subversion/mod_dav_svn/liveprops.c.
    - CVE-2013-1849
  * SECURITY UPDATE: repo corruption via newline chars in filenames
    - debian/patches/CVE-2013-1968.patch: properly escape paths in
      subversion/libsvn_fs_fs/tree.c, added test to
      subversion/tests/libsvn_fs/fs-test.c.
    - CVE-2013-1968
  * SECURITY UPDATE: denial of service via closed connection
    - debian/patches/CVE-2013-2112.patch: check for closed connections in
      subversion/svnserve/main.c.
    - CVE-2013-2112
  * Fix FTBFS from test suite failure because of APR hash ordering change:
    - debian/patches/fix_apr_ftbfs.patch: ignore ordering in
      subversion/bindings/swig/python/tests/repository.py,
      subversion/bindings/swig/python/tests/trac/versioncontrol/tests/svn_fs.py,
      subversion/bindings/swig/python/tests/wc.py,
      subversion/bindings/swig/ruby/test/test_client.rb,
      subversion/bindings/swig/ruby/test/test_wc.rb,
      subversion/tests/cmdline/stat_tests.py,
      subversion/tests/cmdline/svnlook_tests.py,
      subversion/tests/cmdline/svntest/actions.py,
      subversion/tests/cmdline/svntest/verify.py,
      subversion/tests/cmdline/switch_tests.py,
      subversion/tests/cmdline/diff_tests.py,
      subversion/tests/cmdline/svnsync_tests.py,
      subversion/tests/cmdline/update_tests.py,
      subversion/tests/cmdline/svnadmin_tests.py,
      disable test in subversion/bindings/swig/ruby/test/test_repos.rb,
      disable diff_repos_wc_add_with_props test in
      subversion/tests/cmdline/diff_tests.py.

Date: 2013-06-26 20:35:45.634928+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/precise/+source/subversion/1.6.17dfsg-3ubuntu3.3
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list