Package "subversion"
Name: subversion
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- Apache Subversion server modules for Apache httpd
- Apache Subversion server modules for Apache httpd (dummy package)
- Java bindings for Apache Subversion
- Ruby bindings for Apache Subversion (dummy package)
Latest version: 1.9.3-2ubuntu1.3
Release: xenial (16.04)
Level: security
Repository: universe
Changelog
subversion (1.9.3-2ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Remotely triggerable DoS vulnerability in svnserve
    'get-deleted-rev'
    - debian/patches/CVE-2018-11782.patch: properly handle certain replies
      in subversion/libsvn_ra_svn/client.c, subversion/svnserve/serve.c,
      subversion/tests/libsvn_ra/ra-test.c.
    - CVE-2018-11782
  * SECURITY UPDATE: Remote unauthenticated denial-of-service in svnserve
    - debian/patches/CVE-2019-0203.patch: properly handle errors in
      subversion/svnserve/serve.c.
    - CVE-2019-0203
  * WARNING: this update does _not_ include the changes from
    (1.9.3-2ubuntu1.2) in xenial-proposed.

 -- Marc Deslauriers <email address hidden> Fri, 26 Jul 2019 09:55:16 -0400

subversion (1.9.3-2ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution on clients through
    malicious svn+ssh URLs
    - debian/patches/CVE-2017-9800-1.9.6.patch: ensure that host
      arguments to ssh cannot be treated as ssh options.
    - CVE-2017-9800
  * SECURITY UPDATE: svnserve/sasl may authenticate users using the
    wrong realm.
    - debian/patches/CVE-2016-2167.patch: Reject invalid usernames when
      SASL is being used.
    - CVE-2016-2167
  * SECURITY UPDATE: remotely triggerable crash in the mod_authz_svn
    module.
    - debian/patches/CVE-2016-2167.patch: Reject requests with invalid
      Destination headers.
    - CVE-2016-2168
  * SECURITY UPDATE: denial-of-service caused by exponential XML
    entity expansion ("billion laughs attack").
    - debian/patches/CVE-2016-8734.patch: properly error out the
      parser on invalid data.
    - CVE-2016-8734

 -- Steve Beattie <email address hidden> Wed, 09 Aug 2017 23:16:19 -0700

CVE-2017-9800: Arbitrary code execution on clients through malicious svn+ssh URLs in svn:externals and svn:sync-from-url
CVE-2016-2167: The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication
CVE-2016-2168: The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote
CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)://