[arch-dev-public] [signoff] subversion-1.6.17-1
Hi, I updated subversion to 1.6.17, which fix the following security issues [1] : CVE-2011-1752: Server NULL-pointer dereference CVE-2011-1783: Server memory exhaustion CVE-2011-1921: mod_dav_svn exposure of unreadable paths CVE-2011-0715 : a remotely-triggerable DoS for httpd-based Subversion servers This update also fix FS#24536. Please test and signoff Stéphane [1] Changelogs : - 1.6.17 : http://svn.haxx.se/dev/archive-2011-06/0030.shtml - 1.6.16 : http://svn.haxx.se/dev/archive-2011-03/0122.shtml
[2011-06-01 21:18:22 -0400] Stéphane Gaudreault:
I updated subversion to 1.6.17, which fix the following security issues [1] :
CVE-2011-1752: Server NULL-pointer dereference CVE-2011-1783: Server memory exhaustion CVE-2011-1921: mod_dav_svn exposure of unreadable paths
CVE-2011-0715 : a remotely-triggerable DoS for httpd-based Subversion servers
This update also fix FS#24536.
Signoff x86_64. -- Gaetan
Le 1 juin 2011 21:18:22, Stéphane Gaudreault a écrit :
Hi,
I updated subversion to 1.6.17, which fix the following security issues [1] :
CVE-2011-1752: Server NULL-pointer dereference CVE-2011-1783: Server memory exhaustion CVE-2011-1921: mod_dav_svn exposure of unreadable paths
CVE-2011-0715 : a remotely-triggerable DoS for httpd-based Subversion servers
This update also fix FS#24536.
Please test and signoff
Stéphane
[1] Changelogs : - 1.6.17 : http://svn.haxx.se/dev/archive-2011-06/0030.shtml - 1.6.16 : http://svn.haxx.se/dev/archive-2011-03/0122.shtml
There is a problem with perl 5.14 [1][2], but I got enough feedback to be confident that a -2 pkg compiled against perl 5.12.3 will not break everything. I am going to push -2 in [extra] and -3 back in [testing] to debug perl stuff. Stéphane [1] https://bugs.archlinux.org/task/24540 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628507
On Wed, 1 Jun 2011 21:18:22 -0400, Stéphane Gaudreault wrote:
Hi,
I updated subversion to 1.6.17, which fix the following security issues [1] :
CVE-2011-1752: Server NULL-pointer dereference CVE-2011-1783: Server memory exhaustion CVE-2011-1921: mod_dav_svn exposure of unreadable paths
CVE-2011-0715 : a remotely-triggerable DoS for httpd-based Subversion servers
This update also fix FS#24536.
Please test and signoff
Stéphane
[1] Changelogs : - 1.6.17 : http://svn.haxx.se/dev/archive-2011-06/0030.shtml - 1.6.16 : http://svn.haxx.se/dev/archive-2011-03/0122.shtml
You'll need to add sqlite3 as dependency. See https://bugs.archlinux.org/task/24250 No idea why namcap does not report this issue. -- Pierre Schmitz, https://users.archlinux.de/~pierre
Le 4 juin 2011 08:32:52, Pierre Schmitz a écrit :
On Wed, 1 Jun 2011 21:18:22 -0400, Stéphane Gaudreault wrote:
Hi,
I updated subversion to 1.6.17, which fix the following security issues [1] : CVE-2011-1752: Server NULL-pointer dereference CVE-2011-1783: Server memory exhaustion CVE-2011-1921: mod_dav_svn exposure of unreadable paths
CVE-2011-0715 : a remotely-triggerable DoS for httpd-based
Subversion
servers
This update also fix FS#24536.
Please test and signoff
Stéphane
[1] Changelogs : - 1.6.17 : http://svn.haxx.se/dev/archive-2011-06/0030.shtml - 1.6.16 : http://svn.haxx.se/dev/archive-2011-03/0122.shtml
You'll need to add sqlite3 as dependency. See https://bugs.archlinux.org/task/24250 No idea why namcap does not report this issue.
Thank you. Fixed in trunk. I will rebuild later with the fix for perl 5.14. Stéphane
participants (3)
-
Gaetan Bisson
-
Pierre Schmitz
-
Stéphane Gaudreault