subversion 1.8.8-1ubuntu3.2 source package in Ubuntu
Changelog
subversion (1.8.8-1ubuntu3.2) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via non-existing REPORT request
- debian/patches/CVE-2014-3580.patch: make sure repo patchs are
specified in subversion/mod_dav_svn/reports/deleted-rev.c,
subversion/mod_dav_svn/reports/file-revs.c,
subversion/mod_dav_svn/reports/get-location-segments.c,
subversion/mod_dav_svn/reports/get-locations.c,
subversion/mod_dav_svn/reports/inherited-props.c,
subversion/mod_dav_svn/reports/log.c,
subversion/mod_dav_svn/reports/mergeinfo.c.
- CVE-2014-3580
* SECURITY UPDATE: denial of service via non-existing virtual transaction
name
- debian/patches/CVE-2014-8108.patch: check transaction names and
activity ids in subversion/mod_dav_svn/repos.c.
- CVE-2014-8108
* SECURITY UPDATE: denial of service via large number of REPORT requests
- debian/patches/CVE-2015-0202.patch: refactor locking in
subversion/libsvn_fs_fs/tree.c.
- CVE-2015-0202
* SECURITY UPDATE: denial of service via crafted parameter combinations
- debian/patches/CVE-2015-0248.patch: properly handle missing revision
numbers in subversion/mod_dav_svn/reports/get-location-segments.c,
subversion/svnserve/serve.c.
- CVE-2015-0248
* SECURITY UPDATE: svn:author property spoofing issue
- debian/patches/CVE-2015-0251.patch: restrict svn:author modifications
in subversion/mod_dav_svn/deadprops.c.
- CVE-2015-0251
* SECURITY UPDATE: incorrect anonymous access restriction
- debian/patches/CVE-2015-3184.patch: use force_authn() in Makefile.in,
build/ac-macros/apache.m4, build/run_tests.py,
subversion/mod_authz_svn/mod_authz_svn.c,
subversion/tests/cmdline/README,
subversion/tests/cmdline/davautocheck.sh,
subversion/tests/cmdline/mod_authz_svn_tests.py,
subversion/tests/cmdline/svntest/main.py, win-tests.py.
- CVE-2015-3184
* SECURITY UPDATE: sensitive path information disclosure
- debian/patches/CVE-2015-3187.patch: fix order in
subversion/libsvn_repos/rev_hunt.c, added tests to
subversion/tests/cmdline/authz_tests.py,
subversion/tests/libsvn_repos/repos-test.c.
- CVE-2015-3187
* debian/control: Depend on specific version of apache2-dev and
apache2-bin to make sure fix for CVE-2015-3185 is included.
-- Marc Deslauriers <email address hidden> Wed, 19 Aug 2015 14:32:44 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Trusty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- vcs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| subversion_1.8.8.orig.tar.gz | 8.8 MiB | a8c398d518cdeb1daa97d74447cc8a3150f43bbee4de0c71d4fe0c86df841bc2 |
| subversion_1.8.8-1ubuntu3.2.diff.gz | 295.2 KiB | 419e3fab5ce3692b526859ef778a41cc247e1f12157373f3e6ed0d2faac3c699 |
| subversion_1.8.8-1ubuntu3.2.dsc | 3.0 KiB | 8e329c9eadf1f281021c20427a77967b3ee42a9cbbad49250159cdc033e1c5dd |
Available diffs
Binary packages built by this source
- libapache2-mod-svn: Apache Subversion server modules for Apache httpd
This package provides the mod_dav_svn and mod_authz_svn modules for
the Apache 2.4 web server. These modules provide Apache Subversion's WebDAV
server backend, to serve repositories over the http and https
protocols. See the 'subversion' package for more information.
- libapache2-mod-svn-dbgsym: debug symbols for package libapache2-mod-svn
This package provides the mod_dav_svn and mod_authz_svn modules for
the Apache 2.4 web server. These modules provide Apache Subversion's WebDAV
server backend, to serve repositories over the http and https
protocols. See the 'subversion' package for more information.
- libapache2-svn: Apache Subversion server modules for Apache httpd (dummy package)
This is a transition package to install the Apache Subversion server
module for Apache httpd. You may remove this package if nothing depends
on it.
- libsvn-dev: Development files for Apache Subversion libraries
This package contains the symlinks, headers, and object files needed
to compile and link programs which use libsvn1, the Apache Subversion
libraries. This package is needed only in order to compile software
that uses libsvn1.
- libsvn-dev-dbgsym: debug symbols for package libsvn-dev
This package contains the symlinks, headers, and object files needed
to compile and link programs which use libsvn1, the Apache Subversion
libraries. This package is needed only in order to compile software
that uses libsvn1.
- libsvn-doc: Developer documentation for libsvn
This package contains development (API) documentation for libsvn1, the
Apache Subversion libraries. See the 'libsvn1' package for more information.
- libsvn-java: Java bindings for Apache Subversion
This is a set of Java classes which provide the functionality of
libsvn, the Apache Subversion libraries. It is useful if you want to,
for example, write a Java class that manipulates a Subversion repository
or working copy. See the 'subversion' package for more information.
- libsvn-java-dbgsym: debug symbols for package libsvn-java
This is a set of Java classes which provide the functionality of
libsvn, the Apache Subversion libraries. It is useful if you want to,
for example, write a Java class that manipulates a Subversion repository
or working copy. See the 'subversion' package for more information.
- libsvn-perl: Perl bindings for Apache Subversion
This is a set of Perl interfaces to libsvn, the Apache Subversion libraries.
It is useful if you want to, for example, write a Perl script that
manipulates a Subversion repository or working copy. See the
'subversion' package for more information.
- libsvn-perl-dbgsym: debug symbols for package libsvn-perl
This is a set of Perl interfaces to libsvn, the Apache Subversion libraries.
It is useful if you want to, for example, write a Perl script that
manipulates a Subversion repository or working copy. See the
'subversion' package for more information.
- libsvn-ruby1.8: Ruby bindings for Apache Subversion (dummy package)
This is a transition package to install the Apache Subversion library
bindings for Ruby 1.8. You may remove this package if nothing depends
on it.
- libsvn1: Shared libraries used by Apache Subversion
This package includes shared libraries to manipulate Apache Subversion
(svn) repositories and working copies. See the 'subversion' package for
more information.
- libsvn1-dbgsym: debug symbols for package libsvn1
This package includes shared libraries to manipulate Apache Subversion
(svn) repositories and working copies. See the 'subversion' package for
more information.
- python-subversion: Python bindings for Apache Subversion
This is a set of Python interfaces to libsvn, the Apache Subversion
libraries. It is useful if you want to, for example, write a Python
script that manipulates a Subversion repository or working copy. See
the 'subversion' package for more information.
- python-subversion-dbg: Python bindings for Subversion (debug extension)
This is a set of Python interfaces to libsvn, the Subversion
libraries. It is useful if you want to, for example, write a Python
script that manipulates a Subversion repository or working copy. See
the 'subversion' package for more information.
.
This package contains the extension built for the python debug interpreter.
- python-subversion-dbgsym: debug symbols for package python-subversion
This is a set of Python interfaces to libsvn, the Apache Subversion
libraries. It is useful if you want to, for example, write a Python
script that manipulates a Subversion repository or working copy. See
the 'subversion' package for more information.
- ruby-svn: Ruby bindings for Apache Subversion
This is a set of Ruby interfaces to libsvn, the Apache Subversion libraries.
It is useful if you want to, for example, write a Ruby script that
manipulates a Subversion repository or working copy. See the
'subversion' package for more information.
- ruby-svn-dbgsym: debug symbols for package ruby-svn
This is a set of Ruby interfaces to libsvn, the Apache Subversion libraries.
It is useful if you want to, for example, write a Ruby script that
manipulates a Subversion repository or working copy. See the
'subversion' package for more information.
- subversion: Advanced version control system
Apache Subversion, also known as svn, is a centralised version control
system. Version control systems allow many individuals (who may be
distributed geographically) to collaborate on a set of files (source
code, websites, etc). Subversion began with a CVS paradigm and
supports all the major features of CVS, but has evolved to support
many features that CVS users often wish they had.
.
This package includes the Subversion client (svn), repository
administration tools (svnadmin, svnlook) and a network server (svnserve).
- subversion-dbg: Debug symbols for Apache Subversion
This package contains debug symbols for libsvn1 and its dependent packages
including subversion, libapache2-mod-svn, and the various programming language
interfaces.
- subversion-dbgsym: debug symbols for package subversion
Apache Subversion, also known as svn, is a centralised version control
system. Version control systems allow many individuals (who may be
distributed geographically) to collaborate on a set of files (source
code, websites, etc). Subversion began with a CVS paradigm and
supports all the major features of CVS, but has evolved to support
many features that CVS users often wish they had.
.
This package includes the Subversion client (svn), repository
administration tools (svnadmin, svnlook) and a network server (svnserve).
- subversion-tools: Assorted tools related to Apache Subversion
This package includes miscellaneous tools for use with Apache Subversion
clients and servers:
* svn-backup-dumps: Incremental dumpfile-based backup script
* svn-bisect: Bisect revisions to find a regression
* svn-clean: Remove unversioned files from a working copy
* svn-fast-backup: rsync-based backup script for FSFS repositories
* svn-hot-backup: Backup script, primarily for BDB repositories
* svn_apply_autoprops: Apply property settings from
.subversion/config file to an existing repository
* svn_load_dirs: Sophisticated replacement for 'svn import'
* svnwrap: Set umask to 002 before calling svn or svnserve
* several example hook scripts: commit-access- control, commit-email,
log-police, mailer, svnperms, verify-po
.
NOTE that some of these scripts are unsupported by upstream, and may
change radically or disappear in future releases. Some of these
scripts require packages on the Recommends list.
