Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="4423">
  <issue id="958300" tracker="bnc">Heap overflow and out-of-bounds read in mod_dav_svn</issue>
  <issue id="CVE-2015-5343" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>
This update for subversion fixes the following issues: 

- Apache Subversion 1.8.15
  This release fixes one security issue:
  Remotely triggerable heap overflow and out-of-bounds read in
  mod_dav_svn caused by integer overflow when parsing skel-encoded
  request bodies. CVE-2015-5343 [boo#958300]
  * fix a segfault with old style text delta
  * fsfs: reduce memory allocation with Apache
  * mod_dav_svn: emit first log items as soon as possible
  * mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
  * swig: fix memory corruption in svn_client_copy_source_t
  * better configure-time detection of httpd authz fix
    (drop subversion-1.8.14-httpd-version-number-detection.patch,
     replace subversion-1.8.9-allow-httpd-2.4.6.patch with
     subversion-1.8.15-allow-httpd-2.4.6.patch as a result
</description>
  <summary>Security update for subversion</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places