File _patchinfo of Package patchinfo.2443

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.2443

<patchinfo incident="2443">
  <issue id="976849" tracker="bnc">VUL-1: CVE-2016-2167: subversion: svnserve/sasl may authenticate users using the wrong realm</issue>
  <issue id="976850" tracker="bnc">VUL-0: CVE-2016-2168: subversion: mod_authz_svn: DoS in MOVE/COPY authorization check</issue>
  <issue id="969159" tracker="bnc">subversion dependencies do not enforce matching password store (here: svn_kwallet)</issue>
  <issue id="911620" tracker="bnc">svn server (svnserve) cannot be started via yast &gt; service manager - Systemd EnvironmentFile is missing</issue>
  <issue id="CVE-2016-2167" tracker="cve" />
  <issue id="CVE-2016-2168" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>scarabeus_iv</packager>
  <description>This update for subversion fixes the following issues:

- CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check (bsc#976849)
- CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm (bsc#976850)

The following non-security bugs were fixed:

- bsc#969159: subversion dependencies did not enforce matching password store
- bsc#911620: svnserve could not be started via YaST Service manager
</description>
  <summary>Security update for subversion</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.2443

Places