UbuntuUpdates.org

Package "subversion"

Name: subversion

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • Subversion server modules for Apache
  • Java bindings for Subversion
  • Ruby bindings for Subversion (dummy package)
  • Ruby bindings for Subversion

Latest version: 1.6.17dfsg-3ubuntu3.8
Release: precise (12.04)
Level: security
Repository: universe

Other versions of "subversion" in Precise

Repository  Area      Version
base        main      1.6.17dfsg-3ubuntu3
base        universe  1.6.17dfsg-3ubuntu3
security    main      1.6.17dfsg-3ubuntu3.8
updates     main      1.6.17dfsg-3ubuntu3.8
updates     universe  1.6.17dfsg-3ubuntu3.8

Changelog

Version: 1.6.17dfsg-3ubuntu3.8 2021-05-03 15:06:28 UTC

  subversion (1.6.17dfsg-3ubuntu3.8) precise-security; urgency=medium

  * SECURITY UPDATE: Remotely triggerable DoS vulnerability in svnserve
    'get-deleted-rev' and Remote unauthenticated denial-of-service
    - debian/patches/CVE-2018-11782-and-CVE-2019-0203.patch: properly handle certain replies
      in subversion/libsvn_ra_svn/client.c, subversion/svnserve/serve.c,
    - CVE-2018-11782
    - CVE-2019-0203

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 29 Jul 2019 14:51:27 -0300

CVE-2018-11782 RESERVED
CVE-2019-0203 RESERVED

Version: 1.6.17dfsg-3ubuntu3.5 2015-08-20 18:06:39 UTC

  subversion (1.6.17dfsg-3ubuntu3.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via non-existing REPORT request
    - debian/patches/CVE-2014-3580.patch: make sure repo paths are
      specified in subversion/mod_dav_svn/reports/deleted-rev.c,
      subversion/mod_dav_svn/reports/file-revs.c,
      subversion/mod_dav_svn/reports/get-location-segments.c,
      subversion/mod_dav_svn/reports/get-locations.c,
      subversion/mod_dav_svn/reports/log.c,
      subversion/mod_dav_svn/reports/mergeinfo.c.
    - CVE-2014-3580
  * SECURITY UPDATE: denial of service via crafted parameter combinations
    - debian/patches/CVE-2015-0248.patch: properly handle missing revision
      numbers in subversion/mod_dav_svn/reports/get-location-segments.c,
      subversion/svnserve/serve.c.
    - CVE-2015-0248
  * SECURITY UPDATE: svn:author property spoofing issue
    - debian/patches/CVE-2015-0251.patch: restrict svn:author modifications
      in subversion/mod_dav_svn/deadprops.c.
    - CVE-2015-0251
  * SECURITY UPDATE: sensitive path information disclosure
    - debian/patches/CVE-2015-3187.patch: fix order in
      subversion/libsvn_repos/rev_hunt.c, added tests to
      subversion/tests/cmdline/authz_tests.py,
      subversion/tests/libsvn_repos/repos-test.c.
    - CVE-2015-3187

 -- Marc Deslauriers Thu, 20 Aug 2015 08:53:48 -0400

CVE-2014-3580 The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial o
CVE-2015-0248 The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of
CVE-2015-0251 The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property
CVE-2015-3187 The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows

Version: 1.6.17dfsg-3ubuntu3.4 2014-08-14 19:06:40 UTC

  subversion (1.6.17dfsg-3ubuntu3.4) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via mod_dav_svn
    - debian/patches/CVE-2014-0032.patch: only allow GET and HEAD in
      subversion/mod_dav_svn/repos.c.
    - CVE-2014-0032
  * SECURITY UPDATE: incorrect ssl cert validation
    - debian/patches/CVE-2014-3522.patch: properly validate hostnames in
      subversion/include/private/svn_cert.h,
      subversion/libsvn_ra_serf/util.c,
      subversion/libsvn_subr/dirent_uri.c,
      added tests to subversion/tests/libsvn_subr/dirent_uri-test.c.
    - CVE-2014-3522
  * SECURITY UPDATE: md5 collision authentication leak
    - debian/patches/CVE-2014-3528.patch: check if realm matches in
      subversion/libsvn_subr/config_auth.c.
    - CVE-2014-3528
 -- Marc Deslauriers <email address hidden> Wed, 13 Aug 2014 11:02:34 -0400

CVE-2014-0032 The get_resource function in repos.c in the mod_dav_svn module in ...
CVE-2014-3522 incorrect SSL certificate validation in Serf RA (repository access) layer
CVE-2014-3528 MD5 collision authentication leak

Version: 1.6.17dfsg-3ubuntu3.3 2013-06-27 18:06:51 UTC

  subversion (1.6.17dfsg-3ubuntu3.3) precise-security; urgency=low

  * SECURITY UPDATE: denial of service in mod_dav_svn
    - debian/patches/CVE-2013-1845.patch: handle multiple calls in
      subversion/mod_dav_svn/dav_svn.h, subversion/mod_dav_svn/deadprops.c.
    - CVE-2013-1845
  * SECURITY UPDATE: denial of service in mod_dav_svn via LOCK
    - debian/patches/CVE-2013-1846_1847.patch: properly validate locks in
      subversion/mod_dav_svn/lock.c.
    - CVE-2013-1846
    - CVE-2013-1847
  * SECURITY UPDATE: denial of service in mod_dav_svn via PROPFIND
    - debian/patches/CVE-2013-1849.patch: validate type in
      subversion/mod_dav_svn/liveprops.c.
    - CVE-2013-1849
  * SECURITY UPDATE: repo corruption via newline chars in filenames
    - debian/patches/CVE-2013-1968.patch: properly escape paths in
      subversion/libsvn_fs_fs/tree.c, added test to
      subversion/tests/libsvn_fs/fs-test.c.
    - CVE-2013-1968
  * SECURITY UPDATE: denial of service via closed connection
    - debian/patches/CVE-2013-2112.patch: check for closed connections in
      subversion/svnserve/main.c.
    - CVE-2013-2112
  * Fix FTBFS from test suite failure because of APR hash ordering change:
    - debian/patches/fix_apr_ftbfs.patch: ignore ordering in
      subversion/bindings/swig/python/tests/repository.py,
      subversion/bindings/swig/python/tests/trac/versioncontrol/tests/svn_fs.py,
      subversion/bindings/swig/python/tests/wc.py,
      subversion/bindings/swig/ruby/test/test_client.rb,
      subversion/bindings/swig/ruby/test/test_wc.rb,
      subversion/tests/cmdline/stat_tests.py,
      subversion/tests/cmdline/svnlook_tests.py,
      subversion/tests/cmdline/svntest/actions.py,
      subversion/tests/cmdline/svntest/verify.py,
      subversion/tests/cmdline/switch_tests.py,
      subversion/tests/cmdline/diff_tests.py,
      subversion/tests/cmdline/svnsync_tests.py,
      subversion/tests/cmdline/update_tests.py,
      subversion/tests/cmdline/svnadmin_tests.py,
      disable test in subversion/bindings/swig/ruby/test/test_repos.rb,
      disable diff_repos_wc_add_with_props test in
      subversion/tests/cmdline/diff_tests.py.
 -- Marc Deslauriers <email address hidden> Wed, 26 Jun 2013 15:19:45 -0400

CVE-2013-1845 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before ...
CVE-2013-1846 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before ...
CVE-2013-1847 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through ...
CVE-2013-1849 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through ...


