[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Fedora Legacy Test Update Notification: subversion

From: Marc Deslauriers <marcdeslauriers videotron ca>
To: fedora-legacy-list redhat com
Subject: Fedora Legacy Test Update Notification: subversion
Date: Wed, 23 Feb 2005 22:58:01 -0500

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-1748
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1748
2005-02-23
---------------------------------------------------------------------

Name        : subversion
Versions    : rh9: subversion-0.27.0-4.legacy
Summary     : A Concurrent Versioning system similar to CVS.
Description :
Subversion is a concurrent version control system which enables one or
more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.
Subversion only stores the differences between versions, instead of
every complete file.  Subversion also keeps a log of who, when, and why
changes occured.

As such it basically does the same thing CVS does (Concurrent Versioning
System) but has major enhancements compared to CVS and fixes a lot of
the annoyances that CVS users face.

---------------------------------------------------------------------
Update Information:

Updated subversion packages that fix several security issues are now
available.

Subversion is a concurrent version control system.

Subversion versions up to 1.0.2 are vulnerable to a date parsing
vulnerability which can be abused to allow remote code execution on
Subversion servers and therefore could lead to a repository compromise.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0397 to this issue.

Subversion versions up to and including 1.0.4 have a potential Denial of
Service and Heap Overflow issue related to the parsing of strings in the
'svn://' family of access protocols. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0413 to
this issue.

Users of subversion are advised to upgrade to these errata packages,
which contain backported patches correcting these issues.

---------------------------------------------------------------------
Changelogs

rh9: * Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers videotron ca> 0.27.0-4.legacy - Added missing bison, byacc and libxml2-devel BuildPrereq - Disable make_check

* Mon Jun 14 2004 Marc Deslauriers <marcdeslauriers videotron ca> 0.27.0-3.legacy - security patches for CAN-2004-0397 and CAN-2004-0413

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh9: 9d08a9754083238df10241291832f90892f25e8f redhat/9/updates-testing/i386/subversion-0.27.0-4.legacy.i386.rpm 68609fdd91802c5f3fb2f6d1a0fe9ba8e20ece39 redhat/9/updates-testing/i386/subversion-devel-0.27.0-4.legacy.i386.rpm 64c66197355f9424d18e62e589e4d377f4dd9b29 redhat/9/updates-testing/SRPMS/subversion-0.27.0-4.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]