Overview Details Repositories Revisions Requests Users Attributes Meta
subversion: security and bugfix minor version update

Subversion received a minor version update to fix remote triggerable vulnerabilities
in mod_dav_svn which may result in denial of service.

- update to 1.6.21 [bnc#813913], addressing remotely triggerable
+ CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
+ CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
+ CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs
+ CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs
- further changes:
+ mod_dav_svn will omit some property values for activity urls
+ improve memory usage when committing properties in mod_dav_svn
+ fix mod_dav_svn runs pre-revprop-change twice
+ fixed: post-revprop-change errors cancel commit
+ improved logic in mod_dav_svn's implementation of lock.
+ fix a compatibility issue with g++ 4.7

Fixed bugs
CVE-CVE-2013-1845
CVE-CVE-2013-1846
CVE-CVE-2013-1847
CVE-CVE-2013-1849
bnc#710878
Bizarre copy of UNKNOWN in subroutine entry at .../SVN/Base.pm line 80.
bnc#796050
update Apache Subversion to 1.6.20 maintenance release
bnc#813913
VUL-0: subversion: multiple remotely triggerable vulnerabilities in subversion mod_dav_svn may result in denial-of-service
Selected Binaries
openSUSE Build Service is sponsored by
Places