lp://staging/ubuntu/precise-security/subversion
- Get this branch:
- bzr branch lp://staging/ubuntu/precise-security/subversion
Branch information
Recent revisions
- 61. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via non-existing REPORT request
    - debian/patches/CVE-2014-3580.patch: make sure repo paths are
      specified in subversion/mod_dav_svn/reports/deleted-rev.c,
      subversion/mod_dav_svn/reports/file-revs.c,
      subversion/mod_dav_svn/reports/get-location-segments.c,
      subversion/mod_dav_svn/reports/get-locations.c,
      subversion/mod_dav_svn/reports/log.c,
      subversion/mod_dav_svn/reports/mergeinfo.c.
    - CVE-2014-3580
  * SECURITY UPDATE: denial of service via crafted parameter combinations
    - debian/patches/CVE-2015-0248.patch: properly handle missing revision
      numbers in subversion/mod_dav_svn/reports/get-location-segments.c,
      subversion/svnserve/serve.c.
    - CVE-2015-0248
  * SECURITY UPDATE: svn:author property spoofing issue
    - debian/patches/CVE-2015-0251.patch: restrict svn:author modifications
      in subversion/mod_dav_svn/deadprops.c.
    - CVE-2015-0251
  * SECURITY UPDATE: sensitive path information disclosure
    - debian/patches/CVE-2015-3187.patch: fix order in
      subversion/libsvn_repos/rev_hunt.c, added tests to
      subversion/tests/cmdline/authz_tests.py,
      subversion/tests/libsvn_repos/repos-test.c.
    - CVE-2015-3187
- 60. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via mod_dav_svn
    - debian/patches/CVE-2014-0032.patch: only allow GET and HEAD in
      subversion/mod_dav_svn/repos.c.
    - CVE-2014-0032
  * SECURITY UPDATE: incorrect ssl cert validation
    - debian/patches/CVE-2014-3522.patch: properly validate hostnames in
      subversion/include/private/svn_cert.h,
      subversion/libsvn_ra_serf/util.c,
      subversion/libsvn_subr/dirent_uri.c,
      added tests to subversion/tests/libsvn_subr/dirent_uri-test.c.
    - CVE-2014-3522
  * SECURITY UPDATE: md5 collision authentication leak
    - debian/patches/CVE-2014-3528.patch: check if realm matches in
      subversion/libsvn_subr/config_auth.c.
    - CVE-2014-3528
- 59. By Marc Deslauriers
  * SECURITY UPDATE: denial of service in mod_dav_svn
    - debian/patches/CVE-2013-1845.patch: handle multiple calls in
      subversion/mod_dav_svn/dav_svn.h, subversion/mod_dav_svn/deadprops.c.
    - CVE-2013-1845
  * SECURITY UPDATE: denial of service in mod_dav_svn via LOCK
    - debian/patches/CVE-2013-1846_1847.patch: properly validate locks in
      subversion/mod_dav_svn/lock.c.
    - CVE-2013-1846
    - CVE-2013-1847
  * SECURITY UPDATE: denial of service in mod_dav_svn via PROPFIND
    - debian/patches/CVE-2013-1849.patch: validate type in
      subversion/mod_dav_svn/liveprops.c.
    - CVE-2013-1849
  * SECURITY UPDATE: repo corruption via newline chars in filenames
    - debian/patches/CVE-2013-1968.patch: properly escape paths in
      subversion/libsvn_fs_fs/tree.c, added test to
      subversion/tests/libsvn_fs/fs-test.c.
    - CVE-2013-1968
  * SECURITY UPDATE: denial of service via closed connection
    - debian/patches/CVE-2013-2112.patch: check for closed connections in
      subversion/svnserve/main.c.
    - CVE-2013-2112
  * Fix FTBFS from test suite failure because of APR hash ordering change:
    - debian/patches/fix_apr_ftbfs.patch: ignore ordering in
      subversion/bindings/swig/python/tests/repository.py,
      subversion/bindings/swig/python/tests/trac/versioncontrol/tests/svn_fs.py,
      subversion/bindings/swig/python/tests/wc.py,
      subversion/bindings/swig/ruby/test/test_client.rb,
      subversion/bindings/swig/ruby/test/test_wc.rb,
      subversion/tests/cmdline/stat_tests.py,
      subversion/tests/cmdline/svnlook_tests.py,
      subversion/tests/cmdline/svntest/actions.py,
      subversion/tests/cmdline/svntest/verify.py,
      subversion/tests/cmdline/switch_tests.py,
      subversion/tests/cmdline/diff_tests.py,
      subversion/tests/cmdline/svnsync_tests.py,
      subversion/tests/cmdline/update_tests.py,
      subversion/tests/cmdline/svnadmin_tests.py,
      disable test in subversion/bindings/swig/ruby/test/test_repos.rb,
      disable diff_repos_wc_add_with_props test in
      subversion/tests/cmdline/diff_tests.py.
- 56. By Colin Watson
  * Resynchronise with Debian. Remaining changes:
    - Create pot file on build.
    - Build a python-subversion-dbg package.
    - Build-depend on default-jre-headless/-jdk.
    - Do not apply java-build patch.
    - debian/rules: Manually create the doxygen output directory, otherwise
      we get weird build failures when running parallel builds.
  * Re-enable the serf backend (LP: #830778).
- 55. By Colin Watson
  * Resynchronise with Debian. Remaining changes:
    - Create pot file on build.
    - Build a python-subversion-dbg package.
    - Build-depend on default-jre-headless/-jdk.
    - Do not apply java-build patch.
    - debian/rules: Manually create the doxygen output directory, otherwise
      we get weird build failures when running parallel builds.
    - Disable the serf backend because serf is in universe.
  * Sync up python-subversion-dbg control fields with python-subversion.
- 53. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via baselined WebDAV resource
    request
    - debian/patches/CVE-2011-1752.patch: disallow GETs of baselined
      versions of resources in subversion/mod_dav_svn/repos.c.
    - CVE-2011-1752
  * SECURITY UPDATE: mod_dav_svn resource exhaustion via infinite loop
    - debian/patches/CVE-2011-1783.patch: validate path in
      subversion/libsvn_repos/authz.c.
    - CVE-2011-1783
  * SECURITY UPDATE: mod_dav_svn permissions bypass via incorrect
    resource URL
    - debian/patches/CVE-2011-1921.patch: validate path in
      subversion/mod_dav_svn/authz.c.
    - CVE-2011-1921
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp://staging/ubuntu/saucy/subversion