File _patchinfo of Package patchinfo.2281
<patchinfo incident="2281">
<packager>AndreasStieger</packager>
<issue tracker="cve" id="CVE-2013-4505">mod_dontdothat does not restrict requests from serf clients.</issue>
<issue tracker="cve" id="CVE-2013-4558">mod_dav_svn assertion triggered by autoversioning commits.</issue>
<issue tracker="bnc" id="850747">Apache Subversion 1.8.5 and 1.7.14 maintenance releases</issue>
<issue tracker="bnc" id="850667">CVE-2013-4505: subversion: mod_dontdothat does not restrict requests from serf based clients</issue>
<category>security</category>
<rating>moderate</rating>
<summary>subversion: update to 1.8.5</summary>
<description>This update fixes the following issues with subversion (CVE-2013-4505,CVE-2013-4558):
- bnc#850747: update to 1.8.5
* CVE-2013-4505: mod_dontdothat does not restrict requests from
serf clients.
* CVE-2013-4558: mod_dav_svn assertion triggered by
autoversioning commits.
+ Client-side bugfixes:
* fix externals that point at redirected locations
* diff: fix assertion with move inside a copy
+ Server-side bugfixes:
* mod_dav_svn: Prevent crashes with some 3rd party modules
* mod_dav_svn: canonicalize paths properly
* mod_authz_svn: fix crash of mod_authz_svn with invalid config
* hotcopy: fix hotcopy losing revprop files in packed repos
+ Other tool improvements and bugfixes:
* mod_dontdothat: Fix the uri parser
+ Developer-visible changes:
* fix compilation with '--enable-optimize' with clang
* add test to fail when built against broken ZLib
+ Bindings:
* ctypes-python: build with compiler selected via configure
- require python-sqlite when running regression tests for all targets, no longer pulled in implicitly
- print error logs on regression test failures
- fix regression tests for ppc/ppc64 architectures, found in openSUSE package build and fixed with upstream developers
- if running regression tests, also run them against bdb backend
- update keyring, use Subversion Project Management Committee keyring rather than all committers
</description>
</patchinfo>
