update for libserf, subversion
This subversion and libserf update fixes several security and
non security issues:
- subversion: guard against md5 hash collisions when finding cached
credentials [bnc#889849] [CVE-2014-3528]
- subversion: ra_serf: properly match wildcards in SSL certs.
[bnc#890511] [CVE-2014-3522]
- libserf: Handle NUL bytes in fields of an X.509 certificate.
[bnc#890510] [CVE-2014-3504]
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#890511
VUL-0: CVE-2014-3522: subversion: Apache Subversion incorrectly handles wildcards in certificates
bnc#890510
VUL-0: CVE-2014-3504: serf: handling of NUL bytes in fields of an X.509 cert
bnc#889849
VUL-0: CVE-2014-3528: subversion: Apache Subversion might reveal authentication information through md5 collision attack on authentication realm
