Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
patchinfo.5431
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.5431
<patchinfo incident="5431"> <issue id="897033" tracker="bnc">devel:tools:scm:svn/sqlite3: Bug</issue> <issue id="909935" tracker="bnc">VUL-0: CVE-2014-3580, CVE-2014-8108: subversion: remotely triggerable segfault DoS vulnerabilities</issue> <issue id="923795" tracker="bnc">VUL-0: CVE-2015-0251: subversion: spoofing of svn:author property values for new revisions</issue> <issue id="976850" tracker="bnc">VUL-0: CVE-2016-2168: subversion: mod_authz_svn: DoS in MOVE/COPY authorization check</issue> <issue id="983938" tracker="bnc">`After=syslog.target` left-overs in several unit files</issue> <issue id="911620" tracker="bnc">svn server (svnserve) cannot be started via yast > service manager - Systemd EnvironmentFile is missing</issue> <issue id="939517" tracker="bnc">VUL-1: CVE-2015-3187: subversion: svn_repos_trace_node_locations() reveals paths hidden by authz</issue> <issue id="916286" tracker="bnc">Wrong subversion.conf</issue> <issue id="969159" tracker="bnc">subversion dependencies do not enforce matching password store (here: svn_kwallet)</issue> <issue id="1051362" tracker="bnc">VUL-0: CVE-2017-9800: subversion: client code execution via argument injection in SSH URL</issue> <issue id="976849" tracker="bnc">VUL-1: CVE-2016-2167: subversion: svnserve/sasl may authenticate users using the wrong realm</issue> <issue id="958300" tracker="bnc">VUL-0: CVE-2015-5343: subversion: Heap overflow and out-of-bounds read in mod_dav_svn</issue> <issue id="1011552" tracker="bnc">VUL-1: CVE-2016-8734: subversion: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)://</issue> <issue id="923793" tracker="bnc">VUL-0: CVE-2015-0202: subversion: mod_dav_svn with FSFS repositories remotely triggerable excessive memory use with certain REPORT requests</issue> <issue id="939514" tracker="bnc">VUL-0: CVE-2015-3184: subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4</issue> <issue id="1026936" tracker="bnc">VUL-1: subversion: malicious user may commit SHA-1 collisions and cause repository inconsistencies</issue> <issue id="977424" tracker="bnc">"svn: E120190: Error running context: An error occurred during authentication" when accessing subversion repositories</issue> <issue id="923794" tracker="bnc">VUL-0: CVE-2015-0248: subversion: mod_dav_svn and svnserve remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers</issue> <issue id="942819" tracker="bnc">Latest subversion update pulls in 180+ new packages as dependencies</issue> <issue id="2014-3580" tracker="cve" /> <issue id="2015-3184" tracker="cve" /> <issue id="2017-9800" tracker="cve" /> <issue id="2015-0248" tracker="cve" /> <issue id="2016-8734" tracker="cve" /> <issue id="2016-2168" tracker="cve" /> <issue id="2014-8108" tracker="cve" /> <issue id="2015-3187" tracker="cve" /> <issue id="2015-0251" tracker="cve" /> <issue id="2015-0202" tracker="cve" /> <issue id="2015-5343" tracker="cve" /> <issue id="2016-2167" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>scarabeus_iv</packager> <description>This update for subversion fixes the following issues: - CVE-2017-9800: A malicious, compromised server or MITM may cause svn client to execute arbitrary commands by sending repository content with svn:externals definitions pointing to crafted svn+ssh URLs. (bsc#1051362) - Malicious user may commit SHA-1 collisions and cause repository inconsistencies (bsc#1026936) - CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// could lead to denial of service (bsc#1011552) - CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm (bsc#976849) - CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check (bsc#976850) - mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (bsc#977424) - make the subversion package conflict with KWallet and Gnome Keyring packages with do not require matching subversion versions in SLE 12 and openSUSE Leap 42.1 and thus break the main package upon partial upgrade. (bsc#969159) - CVE-2015-5343: Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. (bsc#958300) - Avoid recommending 180+ new pkgs for installation on minimal setup due subversion-password-store (bsc#942819) - CVE-2015-3184: mod_authz_svn: mixed anonymous/authenticated httpd (dav) configurations could lead to information leak (bsc#939514) - CVE-2015-3187: do not leak paths that were hidden by path-based authz (bsc#939517) - CVE-2015-0202: Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793) - CVE-2015-0248: Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794) - CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795) - fix sample configuration comments in subversion.conf (bsc#916286) - fix sysconfig file generation (bsc#911620) - CVE-2014-3580: mod_dav_svn invalid REPORT requests could lead to denial of service (bsc#909935) - CVE-2014-8108: mod_dav_svn use of invalid transaction names could lead to denial of service (bsc#909935) - INSTALL#SQLite says 'Subversion 1.8 requires SQLite version 3.7.12 or above'; therefore I lowered the sqlite requirement to make the subversion run on older system versions, tooi. [bsc#897033] </description> <summary>Security update for subversion</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor