Overview Details

File _patchinfo of Package patchinfo

<patchinfo>
  <packager>wrosenauer</packager>
  <category>security</category>
  <rating>moderate</rating>
  <summary>subversion: security and bugfix minor version update</summary>
  <description>
Subversion received a minor version update to fix remote triggerable vulnerabilities
in mod_dav_svn which may result in denial of service.

- update to 1.6.21 [bnc#813913], addressing remotely triggerable
  + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
  + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
  + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs
  + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs
- further changes:
  + mod_dav_svn will omit some property values for activity urls
  + improve memory usage when committing properties in mod_dav_svn
  + fix mod_dav_svn runs pre-revprop-change twice
  + fixed: post-revprop-change errors cancel commit
  + improved logic in mod_dav_svn's implementation of lock.
  + fix a compatibility issue with g++ 4.7
</description>

<issue tracker="cve" id="CVE-2013-1845"/>
<issue tracker="cve" id="CVE-2013-1846"/>
<issue tracker="cve" id="CVE-2013-1847"/>
<issue tracker="cve" id="CVE-2013-1849"/>
<issue tracker="bnc" id="710878"/>
<issue tracker="bnc" id="796050"/>
<issue tracker="bnc" id="813913"/>
</patchinfo>
openSUSE Build Service is sponsored by
Places