Hello community,
here is the log from the commit of package patchinfo.1555 for
openSUSE:12.3:Update checked in at 2013-04-16 10:26:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/patchinfo.1555 (Old)
and /work/SRC/openSUSE:12.3:Update/.patchinfo.1555.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.1555", Maintainer is ""
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo>
<issue id="813913" tracker="bnc">VUL-0: subversion: multiple remotely
triggerable vulnerabilities in subversion mod_dav_svn may result in
denial-of-service</issue>
<issue id="CVE-2013-1884" tracker="cve" />
<issue id="CVE-2013-1849" tracker="cve" />
<issue id="CVE-2013-1846" tracker="cve" />
<issue id="CVE-2013-1847" tracker="cve" />
<issue id="CVE-2013-1845" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>AndreasStieger</packager>
<description>
Subversion received minor version updates to fix remote triggerable
vulnerabilities
in mod_dav_svn which may result in denial of service.
On openSUSE 12.1:
- update to 1.6.21 [bnc#813913], addressing remotely triggerable
+ CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
+ CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
+ CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant
URLs
+ CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity
URLs
- further changes:
+ mod_dav_svn will omit some property values for activity urls
+ improve memory usage when committing properties in mod_dav_svn
+ fix mod_dav_svn runs pre-revprop-change twice
+ fixed: post-revprop-change errors cancel commit
+ improved logic in mod_dav_svn's implementation of lock.
+ fix a compatibility issue with g++ 4.7
On openSUSE 12.2 and 12.3:
- update to 1.7.9 [bnc#813913], addressing remotely triggerable
vulnerabilities in mod_dav_svn which may result in denial of service:
+ CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
+ CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
+ CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant
URLs
+ CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity
URLs
+ CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT
- further changes:
+ Client-side bugfixes:
* improved error messages about svn:date and svn:author props.
* fix local_relpath assertion
* fix memory leak in `svn log` over svn://
* fix incorrect authz failure when using neon http library
* fix segfault when using kwallet
+ Server-side bugfixes:
* svnserve will log the replayed rev not the low-water rev.
* mod_dav_svn will omit some property values for activity urls
* fix an assertion in mod_dav_svn when acting as a proxy on /
* improve memory usage when committing properties in mod_dav_svn
* fix svnrdump to load dump files with non-LF line endings
* fix assertion when rep-cache is inaccessible
* improved logic in mod_dav_svn's implementation of lock.
* avoid executing unnecessary code in log with limit
- Developer-visible changes:
+ General:
* fix an assertion in dav_svn_get_repos_path() on Windows
* fix get-deps.sh to correctly download zlib
* doxygen docs will now ignore prefixes when producing the index
* fix get-deps.sh on freebsd
+ Bindings:
* javahl status api now respects the ignoreExternals boolean
- refresh subversion-no-build-date.patch for upstream source changes
</description>
<summary>subversion: security and bugfix minor version updates</summary>
</patchinfo>
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
