[ubuntu/precise-updates] subversion 1.6.17dfsg-3ubuntu3.5 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Aug 20 17:58:15 UTC 2015
subversion (1.6.17dfsg-3ubuntu3.5) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via non-existing REPORT request
- debian/patches/CVE-2014-3580.patch: make sure repo paths are
specified in subversion/mod_dav_svn/reports/deleted-rev.c,
subversion/mod_dav_svn/reports/file-revs.c,
subversion/mod_dav_svn/reports/get-location-segments.c,
subversion/mod_dav_svn/reports/get-locations.c,
subversion/mod_dav_svn/reports/log.c,
subversion/mod_dav_svn/reports/mergeinfo.c.
- CVE-2014-3580
* SECURITY UPDATE: denial of service via crafted parameter combinations
- debian/patches/CVE-2015-0248.patch: properly handle missing revision
numbers in subversion/mod_dav_svn/reports/get-location-segments.c,
subversion/svnserve/serve.c.
- CVE-2015-0248
* SECURITY UPDATE: svn:author property spoofing issue
- debian/patches/CVE-2015-0251.patch: restrict svn:author modifications
in subversion/mod_dav_svn/deadprops.c.
- CVE-2015-0251
* SECURITY UPDATE: sensitive path information disclosure
- debian/patches/CVE-2015-3187.patch: fix order in
subversion/libsvn_repos/rev_hunt.c, added tests to
subversion/tests/cmdline/authz_tests.py,
subversion/tests/libsvn_repos/repos-test.c.
- CVE-2015-3187
Date: 2015-08-20 15:04:13.150383+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list