Subversion received a minor version update to fix remote triggerable vulnerabilities
in mod_dav_svn which may result in denial of service.
- update to 1.6.21 [bnc#813913], addressing remotely triggerable
+ CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
+ CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
+ CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs
+ CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs
- further changes:
+ mod_dav_svn will omit some property values for activity urls
+ improve memory usage when committing properties in mod_dav_svn
+ fix mod_dav_svn runs pre-revprop-change twice
+ fixed: post-revprop-change errors cancel commit
+ improved logic in mod_dav_svn's implementation of lock.
+ fix a compatibility issue with g++ 4.7
- Submitted by Wolfgang Rosenauer (wrosenauer)