← Back to branch summary

~ubuntu-branches/ubuntu/precise/subversion/precise-security

Viewing all changes in revision 60.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-08-13 11:02:34 UTC
  • Revision ID: package-import@ubuntu.com-20140813110234-t5wcaizftttihht4
Tags: 1.6.17dfsg-3ubuntu3.4
* SECURITY UPDATE: denial of service via mod_dav_svn
  - debian/patches/CVE-2014-0032.patch: only allow GET and HEAD in
    subversion/mod_dav_svn/repos.c.
  - CVE-2014-0032
* SECURITY UPDATE: incorrect ssl cert validation
  - debian/patches/CVE-2014-3522.patch: properly validate hostnames in
    subversion/include/private/svn_cert.h,
    subversion/libsvn_ra_serf/util.c,
    subversion/libsvn_subr/dirent_uri.c,
    added tests to subversion/tests/libsvn_subr/dirent_uri-test.c.
  - CVE-2014-3522
* SECURITY UPDATE: md5 collision authentication leak
  - debian/patches/CVE-2014-3528.patch: check if realm matches in
    subversion/libsvn_subr/config_auth.c.
  - CVE-2014-3528

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: