File _patchinfo of Package patchinfo

<patchinfo incident="3672">
  <issue id="923793" tracker="bnc">VUL-0: CVE-2015-0202: subversion: mod_dav_svn with FSFS repositories remotely triggerable excessive memory use with certain REPORT requests</issue>
  <issue id="916286" tracker="bnc">Wrong subversion.conf</issue>
  <issue id="923794" tracker="bnc">VUL-0: CVE-2015-0248: subversion: mod_dav_svn and svnserve remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers</issue>
  <issue id="923795" tracker="bnc">VUL-0: CVE-2015-0251: subversion: spoofing of svn:author property values for new revisions</issue>
  <issue id="CVE-2015-0202" tracker="cve" />
  <issue id="CVE-2015-0248" tracker="cve" />
  <issue id="CVE-2015-0251" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>Apache Subversion was updated to 1.8.13 to fix three vulnerabilities and a number of non-security bugs.

This release fixes three vulnerabilities:

* Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202) 
* Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248)
* Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795 CVE-2015-0251)

Non-security fixes:

  * fixes number of client and server side non-security bugs
  * improved working copy performance
  * reduction of resource use
  * stability improvements
  * usability improvements
  * fix sample configuration comments in subversion.conf [boo#916286]
  * fix bashisms in mailer-init.sh script
</description>
  <summary>Security update for subversion</summary>
</patchinfo>