-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2015-08-19 14:32:44 UTC
-
Revision ID:
package-import@ubuntu.com-20150819143244-hk8eoe9b4gxn3hl0
Tags: 1.8.8-1ubuntu3.2
* SECURITY UPDATE: denial of service via non-existing REPORT request
- debian/patches/CVE-2014-3580.patch: make sure repo patchs are
specified in subversion/mod_dav_svn/reports/deleted-rev.c,
subversion/mod_dav_svn/reports/file-revs.c,
subversion/mod_dav_svn/reports/get-location-segments.c,
subversion/mod_dav_svn/reports/get-locations.c,
subversion/mod_dav_svn/reports/inherited-props.c,
subversion/mod_dav_svn/reports/log.c,
subversion/mod_dav_svn/reports/mergeinfo.c.
- CVE-2014-3580
* SECURITY UPDATE: denial of service via non-existing virtual transaction
name
- debian/patches/CVE-2014-8108.patch: check transaction names and
activity ids in subversion/mod_dav_svn/repos.c.
- CVE-2014-8108
* SECURITY UPDATE: denial of service via large number of REPORT requests
- debian/patches/CVE-2015-0202.patch: refactor locking in
subversion/libsvn_fs_fs/tree.c.
- CVE-2015-0202
* SECURITY UPDATE: denial of service via crafted parameter combinations
- debian/patches/CVE-2015-0248.patch: properly handle missing revision
numbers in subversion/mod_dav_svn/reports/get-location-segments.c,
subversion/svnserve/serve.c.
- CVE-2015-0248
* SECURITY UPDATE: svn:author property spoofing issue
- debian/patches/CVE-2015-0251.patch: restrict svn:author modifications
in subversion/mod_dav_svn/deadprops.c.
- CVE-2015-0251
* SECURITY UPDATE: incorrect anonymous access restriction
- debian/patches/CVE-2015-3184.patch: use force_authn() in Makefile.in,
build/ac-macros/apache.m4, build/run_tests.py,
subversion/mod_authz_svn/mod_authz_svn.c,
subversion/tests/cmdline/README,
subversion/tests/cmdline/davautocheck.sh,
subversion/tests/cmdline/mod_authz_svn_tests.py,
subversion/tests/cmdline/svntest/main.py, win-tests.py.
- CVE-2015-3184
* SECURITY UPDATE: sensitive path information disclosure
- debian/patches/CVE-2015-3187.patch: fix order in
subversion/libsvn_repos/rev_hunt.c, added tests to
subversion/tests/cmdline/authz_tests.py,
subversion/tests/libsvn_repos/repos-test.c.
- CVE-2015-3187
* debian/control: Depend on specific version of apache2-dev and
apache2-bin to make sure fix for CVE-2015-3185 is included.