Overview

File _patchinfo of Package patchinfo.5701

<patchinfo incident="5701">
  <issue id="1049448" tracker="bnc">L3-Question: subversion: cannot easily configure svnserve as a user/group other than svn/svn</issue>
  <issue tracker="bnc" id="1142743">VUL-0: EMBARGOED: CVE-2018-11782: subversion: Remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'</issue>
  <issue tracker="bnc" id="1142721">VUL-0: EMBARGOED: CVE-2019-0203: subversion: Remote unauthenticated denial-of-service in Subversion svnserve</issue>
  <issue tracker="cve" id="2018-11782"/>
  <issue tracker="cve" id="2019-0203"/>
  <category>security</category>
  <rating>important</rating>
  <packager>scarabeus_iv</packager>
  <description>This update for subversion fixes the following issues:

Security issues fixed:

- CVE-2018-11782: Fixed a remote denial of service in svnserve 'get-deleted-rev' (bsc#1142743).
- CVE-2019-0203: Fixed a remote, unauthenticated denial of service in svnserve (bsc#1142721).

Non-security issues fixed:

- Add instructions for running svnserve as a user different from
  "svn", and remove sysconfig variables that are no longer
  effective with the systemd unit. bsc#1049448
  </description>
  <summary>Security update for subversion</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places