openSUSE Build Service

Security update for subversion

Apache Subversion was updated to 1.8.13 to fix three vulnerabilities and a number of non-security bugs.

This release fixes three vulnerabilities:

* Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202)
* Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248)
* Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795 CVE-2015-0251)

Non-security fixes:

* fixes number of client and server side non-security bugs
* improved working copy performance
* reduction of resource use
* stability improvements
* usability improvements
* fix sample configuration comments in subversion.conf [boo#916286]
* fix bashisms in mailer-init.sh script

Submitted by Andreas Stieger (AndreasStieger)

Fixed bugs

bnc#923793

VUL-0: CVE-2015-0202: subversion: mod_dav_svn with FSFS repositories remotely triggerable excessive memory use with certain REPORT requests

bnc#916286

Wrong subversion.conf

bnc#923794

VUL-0: CVE-2015-0248: subversion: mod_dav_svn and svnserve remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers

bnc#923795

VUL-0: CVE-2015-0251: subversion: spoofing of svn:author property values for new revisions

CVE-CVE-2015-0202

CVE-CVE-2015-0248

CVE-CVE-2015-0251

Places

Fixed bugs

Selected Binaries

Places