[arch-dev-public] [signoff] subversion-1.6.17-1
Stéphane Gaudreault
stephane at archlinux.org
Sat Jun 4 10:40:47 EDT 2011
Le 4 juin 2011 08:32:52, Pierre Schmitz a écrit :
> On Wed, 1 Jun 2011 21:18:22 -0400, Stéphane Gaudreault wrote:
> > Hi,
> >
> > I updated subversion to 1.6.17, which fix the following security issues [1]
:
> > CVE-2011-1752: Server NULL-pointer dereference
> > CVE-2011-1783: Server memory exhaustion
> > CVE-2011-1921: mod_dav_svn exposure of unreadable paths
> >
> > CVE-2011-0715 : a remotely-triggerable DoS for httpd-based
> >
> > Subversion
> >
> > servers
> >
> > This update also fix FS#24536.
> >
> > Please test and signoff
> >
> > Stéphane
> >
> > [1] Changelogs :
> > - 1.6.17 : http://svn.haxx.se/dev/archive-2011-06/0030.shtml
> > - 1.6.16 : http://svn.haxx.se/dev/archive-2011-03/0122.shtml
>
> You'll need to add sqlite3 as dependency. See
> https://bugs.archlinux.org/task/24250 No idea why namcap does not report
> this issue.
Thank you.
Fixed in trunk. I will rebuild later with the fix for perl 5.14.
Stéphane
More information about the arch-dev-public
mailing list