Security update for subversion
subversion was updated to version 1.8.14 to fix two security issues.
These security issues were fixed:
- CVE-2015-3187: Information leak (only paths) that were hidden by path-based authz (bsc#939517).
- CVE-2015-3184: Information leak in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514).
-
Submitted by
Tomáš Chvátal (scarabeus_iv)
Fixed bugs
bnc#939517
VUL-1: EMBARGOED: CVE-2015-3187: subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
bnc#939514
VUL-0: EMBARGOED: CVE-2015-3184: subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
