Fedora Legacy Test Update Notification: subversion

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Feb 24 03:58:01 UTC 2005 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-1748
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1748
2005-02-23
---------------------------------------------------------------------

Name        : subversion
Versions    : rh9: subversion-0.27.0-4.legacy
Summary     : A Concurrent Versioning system similar to CVS.
Description :
Subversion is a concurrent version control system which enables one or
more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.
Subversion only stores the differences between versions, instead of
every complete file.  Subversion also keeps a log of who, when, and why
changes occured.

As such it basically does the same thing CVS does (Concurrent Versioning
System) but has major enhancements compared to CVS and fixes a lot of
the annoyances that CVS users face.

---------------------------------------------------------------------
Update Information:

Updated subversion packages that fix several security issues are now
available.

Subversion is a concurrent version control system.

Subversion versions up to 1.0.2 are vulnerable to a date parsing
vulnerability which can be abused to allow remote code execution on
Subversion servers and therefore could lead to a repository compromise.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0397 to this issue.

Subversion versions up to and including 1.0.4 have a potential Denial of
Service and Heap Overflow issue related to the parsing of strings in the
'svn://' family of access protocols. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0413 to
this issue.

Users of subversion are advised to upgrade to these errata packages,
which contain backported patches correcting these issues.

---------------------------------------------------------------------
Changelogs

rh9:
* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.27.0-4.legacy
- Added missing bison, byacc and libxml2-devel BuildPrereq
- Disable make_check

* Mon Jun 14 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.27.0-3.legacy
- security patches for CAN-2004-0397 and CAN-2004-0413

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

rh9:
9d08a9754083238df10241291832f90892f25e8f 
redhat/9/updates-testing/i386/subversion-0.27.0-4.legacy.i386.rpm
68609fdd91802c5f3fb2f6d1a0fe9ba8e20ece39 
redhat/9/updates-testing/i386/subversion-devel-0.27.0-4.legacy.i386.rpm
64c66197355f9424d18e62e589e4d377f4dd9b29 
redhat/9/updates-testing/SRPMS/subversion-0.27.0-4.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050223/1ac84f64/attachment.sig>

More information about the fedora-legacy-list mailing list