Overview

File _patchinfo of Package patchinfo.932

<patchinfo incident="932">
  <issue id="939517" tracker="bnc">VUL-1: EMBARGOED: CVE-2015-3187: subversion: svn_repos_trace_node_locations() reveals paths hidden by authz</issue>
  <issue id="939514" tracker="bnc">VUL-0: EMBARGOED: CVE-2015-3184: subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4</issue>
  <issue id="CVE-2015-3187" tracker="cve" />
  <issue id="CVE-2015-3184" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>scarabeus_iv</packager>
  <description>subversion was updated to fix two security issues.

These security issues were fixed:
- CVE-2015-3187: Information leak (only paths) that were hidden by path-based authz (bsc#939517).
- CVE-2015-3184: Information leak in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514).
  </description>
  <summary>Security update for subversion</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places