subversion 1.8.8-1ubuntu3.3 source package in Ubuntu

Changelog

subversion (1.8.8-1ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution on clients through
    malicious svn+ssh URLs
    - debian/patches/CVE-2017-9800-1.8.18.patch: ensure that host
      arguments to ssh cannot be treated as ssh options.
    - CVE-2017-9800
  * SECURITY UPDATE: svnserve/sasl may authenticate users using the
    wrong realm.
    - debian/patches/CVE-2016-2167.patch: Reject invalid usernames when
      SASL is being used.
    - CVE-2016-2167
  * SECURITY UPDATE: remotely triggerable crash in the mod_authz_svn
    module.
    - debian/patches/CVE-2016-2167.patch: Reject requests with invalid
      Destination headers.
    - CVE-2016-2168
  * SECURITY UPDATE: denial-of-service caused by exponential XML
    entity expansion ("billion laughs attack").
    - debian/patches/CVE-2016-8734-1,8.patch: properly error out the
      parser on invalid data.
    - CVE-2016-8734
  * SECURITY UPDATE: mod_dav_svn: integer overflow when parsing
    skel-encoded request bodies.
    - debian/patches/CVE-2015-5343.patch: Defer memory allocation
      when reading skel-encoded requests.
    - CVE-2015-5343

 -- Steve Beattie <email address hidden>  Thu, 10 Aug 2017 00:00:57 -0700

Upload details

Uploaded by:
Steve Beattie
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
vcs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Trusty updates main devel
Trusty security main devel

Downloads

File Size SHA-256 Checksum
subversion_1.8.8.orig.tar.gz 8.8 MiB a8c398d518cdeb1daa97d74447cc8a3150f43bbee4de0c71d4fe0c86df841bc2
subversion_1.8.8-1ubuntu3.3.diff.gz 299.5 KiB 6145f26ea7324a1f946bfd1e3bc6523a96ad1767a90087255a3ae8338b2f2896
subversion_1.8.8-1ubuntu3.3.dsc 3.0 KiB 9627c2d6ac7363438a862e58feb60944defd76289cb50962f0c25c1ecd8b0abb

View changes file

Binary packages built by this source

libapache2-mod-svn: Apache Subversion server modules for Apache httpd

 This package provides the mod_dav_svn and mod_authz_svn modules for
 the Apache 2.4 web server. These modules provide Apache Subversion's WebDAV
 server backend, to serve repositories over the http and https
 protocols. See the 'subversion' package for more information.

libapache2-mod-svn-dbgsym: debug symbols for package libapache2-mod-svn

 This package provides the mod_dav_svn and mod_authz_svn modules for
 the Apache 2.4 web server. These modules provide Apache Subversion's WebDAV
 server backend, to serve repositories over the http and https
 protocols. See the 'subversion' package for more information.

libapache2-svn: Apache Subversion server modules for Apache httpd (dummy package)

 This is a transition package to install the Apache Subversion server
 module for Apache httpd. You may remove this package if nothing depends
 on it.

libsvn-dev: Development files for Apache Subversion libraries

 This package contains the symlinks, headers, and object files needed
 to compile and link programs which use libsvn1, the Apache Subversion
 libraries. This package is needed only in order to compile software
 that uses libsvn1.

libsvn-dev-dbgsym: debug symbols for package libsvn-dev

 This package contains the symlinks, headers, and object files needed
 to compile and link programs which use libsvn1, the Apache Subversion
 libraries. This package is needed only in order to compile software
 that uses libsvn1.

libsvn-doc: Developer documentation for libsvn

 This package contains development (API) documentation for libsvn1, the
 Apache Subversion libraries. See the 'libsvn1' package for more information.

libsvn-java: Java bindings for Apache Subversion

 This is a set of Java classes which provide the functionality of
 libsvn, the Apache Subversion libraries. It is useful if you want to,
 for example, write a Java class that manipulates a Subversion repository
 or working copy. See the 'subversion' package for more information.

libsvn-java-dbgsym: debug symbols for package libsvn-java

 This is a set of Java classes which provide the functionality of
 libsvn, the Apache Subversion libraries. It is useful if you want to,
 for example, write a Java class that manipulates a Subversion repository
 or working copy. See the 'subversion' package for more information.

libsvn-perl: Perl bindings for Apache Subversion

 This is a set of Perl interfaces to libsvn, the Apache Subversion libraries.
 It is useful if you want to, for example, write a Perl script that
 manipulates a Subversion repository or working copy. See the
 'subversion' package for more information.

libsvn-perl-dbgsym: debug symbols for package libsvn-perl

 This is a set of Perl interfaces to libsvn, the Apache Subversion libraries.
 It is useful if you want to, for example, write a Perl script that
 manipulates a Subversion repository or working copy. See the
 'subversion' package for more information.

libsvn-ruby1.8: Ruby bindings for Apache Subversion (dummy package)

 This is a transition package to install the Apache Subversion library
 bindings for Ruby 1.8. You may remove this package if nothing depends
 on it.

libsvn1: Shared libraries used by Apache Subversion

 This package includes shared libraries to manipulate Apache Subversion
 (svn) repositories and working copies. See the 'subversion' package for
 more information.

libsvn1-dbgsym: debug symbols for package libsvn1

 This package includes shared libraries to manipulate Apache Subversion
 (svn) repositories and working copies. See the 'subversion' package for
 more information.

python-subversion: Python bindings for Apache Subversion

 This is a set of Python interfaces to libsvn, the Apache Subversion
 libraries. It is useful if you want to, for example, write a Python
 script that manipulates a Subversion repository or working copy. See
 the 'subversion' package for more information.

python-subversion-dbg: Python bindings for Subversion (debug extension)

 This is a set of Python interfaces to libsvn, the Subversion
 libraries. It is useful if you want to, for example, write a Python
 script that manipulates a Subversion repository or working copy. See
 the 'subversion' package for more information.
 .
 This package contains the extension built for the python debug interpreter.

python-subversion-dbgsym: debug symbols for package python-subversion

 This is a set of Python interfaces to libsvn, the Apache Subversion
 libraries. It is useful if you want to, for example, write a Python
 script that manipulates a Subversion repository or working copy. See
 the 'subversion' package for more information.

ruby-svn: Ruby bindings for Apache Subversion

 This is a set of Ruby interfaces to libsvn, the Apache Subversion libraries.
 It is useful if you want to, for example, write a Ruby script that
 manipulates a Subversion repository or working copy. See the
 'subversion' package for more information.

ruby-svn-dbgsym: debug symbols for package ruby-svn

 This is a set of Ruby interfaces to libsvn, the Apache Subversion libraries.
 It is useful if you want to, for example, write a Ruby script that
 manipulates a Subversion repository or working copy. See the
 'subversion' package for more information.

subversion: Advanced version control system

 Apache Subversion, also known as svn, is a centralised version control
 system. Version control systems allow many individuals (who may be
 distributed geographically) to collaborate on a set of files (source
 code, websites, etc). Subversion began with a CVS paradigm and
 supports all the major features of CVS, but has evolved to support
 many features that CVS users often wish they had.
 .
 This package includes the Subversion client (svn), repository
 administration tools (svnadmin, svnlook) and a network server (svnserve).

subversion-dbg: Debug symbols for Apache Subversion

 This package contains debug symbols for libsvn1 and its dependent packages
 including subversion, libapache2-mod-svn, and the various programming language
 interfaces.

subversion-dbgsym: debug symbols for package subversion

 Apache Subversion, also known as svn, is a centralised version control
 system. Version control systems allow many individuals (who may be
 distributed geographically) to collaborate on a set of files (source
 code, websites, etc). Subversion began with a CVS paradigm and
 supports all the major features of CVS, but has evolved to support
 many features that CVS users often wish they had.
 .
 This package includes the Subversion client (svn), repository
 administration tools (svnadmin, svnlook) and a network server (svnserve).

subversion-tools: Assorted tools related to Apache Subversion

 This package includes miscellaneous tools for use with Apache Subversion
 clients and servers:
  * svn-backup-dumps: Incremental dumpfile-based backup script
  * svn-bisect: Bisect revisions to find a regression
  * svn-clean: Remove unversioned files from a working copy
  * svn-fast-backup: rsync-based backup script for FSFS repositories
  * svn-hot-backup: Backup script, primarily for BDB repositories
  * svn_apply_autoprops: Apply property settings from
    .subversion/config file to an existing repository
  * svn_load_dirs: Sophisticated replacement for 'svn import'
  * svnwrap: Set umask to 002 before calling svn or svnserve
  * several example hook scripts: commit-access-control, commit-email,
    log-police, mailer, svnperms, verify-po
 .
 NOTE that some of these scripts are unsupported by upstream, and may
 change radically or disappear in future releases. Some of these
 scripts require packages on the Recommends list.