Overview

File _patchinfo of Package patchinfo.2957

<patchinfo>
  <issue id="890511" tracker="bnc">VUL-0: CVE-2014-3522: subversion: Apache Subversion incorrectly handles wildcards in certificates</issue>
  <issue id="890510" tracker="bnc">VUL-0: CVE-2014-3504: serf: handling of NUL bytes in fields of an X.509 cert</issue>
  <issue id="889849" tracker="bnc">VUL-0: CVE-2014-3528: subversion: Apache Subversion might reveal authentication information through md5 collision attack on authentication realm</issue>
  <issue id="CVE-2014-3504" tracker="cve" />
  <issue id="CVE-2014-3522" tracker="cve" />
  <issue id="CVE-2014-3528" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>This subversion and libserf update fixes several security and 
non security issues:

- subversion: guard against md5 hash collisions when finding cached 
  credentials [bnc#889849] [CVE-2014-3528]
- subversion: ra_serf: properly match wildcards in SSL certs. 
  [bnc#890511] [CVE-2014-3522]
- libserf: Handle NUL bytes in fields of an X.509 certificate.
  [bnc#890510] [CVE-2014-3504]
</description>
  <summary>update for libserf, subversion</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places