Package "libsvn-java"
Name: |
libsvn-java
|
Description: |
Java bindings for Apache Subversion
|
Latest version: |
1.9.3-2ubuntu1.3 |
Release: |
xenial (16.04) |
Level: |
security |
Repository: |
universe |
Head package: |
subversion |
Homepage: |
http://subversion.apache.org/ |
Links
Download "libsvn-java"
Other versions of "libsvn-java" in Xenial
Changelog
subversion (1.9.3-2ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: Remotely triggerable DoS vulnerability in svnserve
'get-deleted-rev'
- debian/patches/CVE-2018-11782.patch: properly handle certain replies
in subversion/libsvn_ra_svn/client.c, subversion/svnserve/serve.c,
subversion/tests/libsvn_ra/ra-test.c.
- CVE-2018-11782
* SECURITY UPDATE: Remote unauthenticated denial-of-service in svnserve
- debian/patches/CVE-2019-0203.patch: properly handle errors in
subversion/svnserve/serve.c.
- CVE-2019-0203
* WARNING: this update does _not_ include the changes from
(1.9.3-2ubuntu1.2) in xenial-proposed.
-- Marc Deslauriers <email address hidden> Fri, 26 Jul 2019 09:55:16 -0400
|
Source diff to previous version |
|
subversion (1.9.3-2ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: Arbitrary code execution on clients through
malicious svn+ssh URLs
- debian/patches/CVE-2017-9800-1.9.6.patch: ensure that host
arguments to ssh cannot be treated as ssh options.
- CVE-2017-9800
* SECURITY UPDATE: svnserve/sasl may authenticate users using the
wrong realm.
- debian/patches/CVE-2016-2167.patch: Reject invalid usernames when
SASL is being used.
- CVE-2016-2167
* SECURITY UPDATE: remotely triggerable crash in the mod_authz_svn
module.
- debian/patches/CVE-2016-2167.patch: Reject requests with invalid
Destination headers.
- CVE-2016-2168
* SECURITY UPDATE: denial-of-service caused by exponential XML
entity expansion ("billion laughs attack").
- debian/patches/CVE-2016-8734.patch: properly error out the
parser on invalid data.
- CVE-2016-8734
-- Steve Beattie <email address hidden> Wed, 09 Aug 2017 23:16:19 -0700
|
CVE-2017-9800 |
Arbitrary code execution on clients through malicious svn+ssh URLs in svn:externals and svn:sync-from-url |
CVE-2016-2167 |
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication |
CVE-2016-2168 |
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote |
CVE-2016-8734 |
Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// |
|
About
-
Send Feedback to @ubuntu_updates