Overview

File _patchinfo of Package patchinfo.5976

<patchinfo incident="5976">
  <issue id="1011552" tracker="bnc">VUL-1: CVE-2016-8734: subversion: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)://</issue>
  <issue id="2016-8734" tracker="cve" />
  <category>security</category>
  <rating>low</rating>
  <packager>scarabeus_iv</packager>
  <description>
This update for subversion fixes the following issues:

- Version update to 1.9.5:
  * Unrestricted XML entity expansion in mod_dontdothat and Subversion clients
    using http(s)://
    (boo#1011552, CVE-2016-8734)
- Client-side bugfixes:
  * fix accessing non-existent paths during reintegrate merge (r1766699 et al)
  * fix handling of newly secured subdirectories in working copy (r1724448)
  * info: remove trailing whitespace in --show-item=revision (issue #4660)
  * fix recording wrong revisions for tree conflicts (r1734106)
  * gpg-agent: improve discovery of gpg-agent sockets (r1766327)
  * gpg-agent: fix file descriptor leak (r1766323)
  * resolve: fix --accept=mine-full for binary files (issue #4647)
  * merge: fix possible crash (issue #4652)
  * resolve: fix possible crash (r1748514)
  * fix potential crash in Win32 crash reporter (r1663253 et al)
- Server-side bugfixes:
  * fsfs: fix "offset too large" error during pack (issue #4657)
  * svnserve: enable hook script environments (r1769152)
  * fsfs: fix possible data reconstruction error (issue #4658)
  * fix source of spurious 'incoming edit' tree conflicts (r1770108)
  * fsfs: improve caching for large directories (r1721285)
  * fsfs: fix crash when encountering all-zero checksums (r1759686)
  * fsfs: fix potential source of repository corruptions (r1756266)
  * mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate
    (issue #3084)
  * mod_dav_svn: reduce memory usage during GET requests (r1757529 et al)
  * fsfs: fix unexpected "database is locked" errors (r1741096 et al)
  * fsfs: fix opening old repositories without db/format files (r1720015)
- Client-side and server-side bugfixes:
  * fix possible crash when reading invalid configuration files (r1715777)
- Bindings bugfixes:
  * swig-pl: do not corrupt "{DATE}" revision variable (r1767768)
  * javahl: fix temporary accepting SSL server certificates (r1764851)
  * swig-pl: fix possible stack corruption (r1683266, r1683267)
</description>
  <summary>Security update for subversion</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places