subversion (1.9.3-2ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution on clients through
    malicious svn+ssh URLs
    - debian/patches/CVE-2017-9800-1.9.6.patch: ensure that host
      arguments to ssh cannot be treated as ssh options.
    - CVE-2017-9800
  * SECURITY UPDATE: svnserve/sasl may authenticate users using the
    wrong realm.
    - debian/patches/CVE-2016-2167.patch: Reject invalid usernames when
      SASL is being used.
    - CVE-2016-2167
  * SECURITY UPDATE: remotely triggerable crash in the mod_authz_svn
    module.
    - debian/patches/CVE-2016-2167.patch: Reject requests with invalid
      Destination headers.
    - CVE-2016-2168
  * SECURITY UPDATE: denial-of-service caused by exponential XML
    entity expansion ("billion laughs attack").
    - debian/patches/CVE-2016-8734.patch: properly error out the
      parser on invalid data.
    - CVE-2016-8734

Date: 2017-08-10 16:49:18.820374+00:00
Changed-By: Steve Beattie <sbeat...@ubuntu.com>
Signed-By: Ubuntu Archive Robot 
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/subversion/1.9.3-2ubuntu1.1
Sorry, changesfile not available.
-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

Reply via email to