-
subversion (1.8.13-1ubuntu3) wily; urgency=medium
* No-change rebuild to add ruby2.2 support.
-- Matthias Klose <email address hidden> Tue, 08 Sep 2015 14:49:49 +0000
-
subversion (1.8.13-1ubuntu2) wily; urgency=medium
* SECURITY UPDATE: incorrect anonymous access restriction
- debian/patches/CVE-2015-3184.patch: use force_authn() in Makefile.in,
build/ac-macros/apache.m4, build/run_tests.py,
subversion/mod_authz_svn/mod_authz_svn.c,
subversion/tests/cmdline/README,
subversion/tests/cmdline/davautocheck.sh,
subversion/tests/cmdline/mod_authz_svn_tests.py,
subversion/tests/cmdline/svntest/main.py, win-tests.py.
- CVE-2015-3184
* SECURITY UPDATE: sensitive path information disclosure
- debian/patches/CVE-2015-3187.patch: fix order in
subversion/libsvn_repos/rev_hunt.c, added tests to
subversion/tests/cmdline/authz_tests.py,
subversion/tests/libsvn_repos/repos-test.c.
- CVE-2015-3187
* debian/control: Depend on specific version of apache2-dev and
apache2-bin to make sure fix for CVE-2015-3185 is included.
-- Marc Deslauriers <email address hidden> Wed, 19 Aug 2015 11:20:08 -0400
-
subversion (1.8.13-1ubuntu1) wily; urgency=medium
* Resynchronise with Debian. Remaining changes:
- debian/rules: Manually create the doxygen output directory, otherwise
we get weird build failures when running parallel builds.
- Build a python-subversion-dbg package.
- Build-depend on python-all-dbg.
- Only build on requested python versions (X-Python-Versions:).
- debian/patches/verbose-tests: Make tests verbose.
subversion (1.8.13-1) unstable; urgency=medium
* New upstream release. Refresh patches.
- Remove backported patches CVE-2014-8108, CVE-2014-3580, CVE-2015-0202,
CVE-2015-0248, CVE-2015-0251, ruby2.0-build-fixes, and
test-failure-with-optimizations.
* Add patches wc-queries-test1-r1672295 and wc-queries-test2-r1673691, from
upstream, to fix wc-queries test failures with new SQLite versions.
(Closes: #785496)
subversion (1.8.10-6) unstable; urgency=high
* patches/CVE-2015-0202: Excessive memory use with certain REPORT requests
against mod_dav_svn with FSFS repositories
* patches/CVE-2015-0248: Assertion DoS vulnerability for certain mod_dav_svn
and svnserve requests with dynamically evaluated revision numbers
* patches/CVE-2015-0251: mod_dav_svn allows spoofing svn:author property
values for new revisions
-- Colin Watson <email address hidden> Thu, 06 Aug 2015 11:15:12 +0100
-
subversion (1.8.10-5ubuntu1) vivid; urgency=medium
* Resynchronise with Debian. Remaining changes:
- debian/rules: Manually create the doxygen output directory, otherwise
we get weird build failures when running parallel builds.
- Build a python-subversion-dbg package.
- Build-depend on python-all-dbg.
- Only build on requested python versions (X-Python-Versions:).
- debian/patches/verbose-tests.diff: Make tests verbose.
subversion (1.8.10-5) unstable; urgency=medium
* patches/CVE-2014-8108: mod_dav_svn DoS vulnerability with invalid virtual
transaction names (Closes: #773315)
* patches/CVE-2014-3580: mod_dav_svn DoS vulnerability with invalid REPORT
requests (Closes: #773263)
-- Colin Watson <email address hidden> Sun, 04 Jan 2015 21:49:36 +0000
