Debian
subversion package

Change logs for subversion source package in Lenny

  1. Lenny (5.0)
  2. Change log 
  • subversion (1.5.1dfsg1-7) oldstable-security; urgency=high


  [ Michael Diers ]
  * patches/cve-2011-1752: New patch for CVE-2011-1752, fixing a remotely
    triggered crash in mod_dav_svn, delivering baselined WebDAV resources.
  * patches/cve-2011-1783: New patch for CVE-2011-1783 and CVE-2011-1921,
    fixing remotely triggered memory exhaustion and a content leak of
    files that are meant to be unreadable.

 -- Peter Samuelson <email address hidden>  Tue, 31 May 2011 11:00:32 -0500
  • subversion (1.5.1dfsg1-6) oldstable-security; urgency=high


  * patches/cve-2011-0715: New patch for CVE-2011-0715, fixing a remotely
    triggered crash in mod_dav_svn involving lock tokens.

 -- Peter Samuelson <email address hidden>  Tue, 01 Mar 2011 10:26:16 -0600
  • subversion (1.5.1dfsg1-5) stable-security; urgency=medium
  * Fix CVE-2010-3315: mod_dav_svn can give authorized users higher    privileges than they are configured for, in rare configurations. -- Peter Samuelson <email address hidden>  Thu, 07 Oct 2010 00:56:45 -0500
  • subversion (1.5.1dfsg1-4) stable-security; urgency=high


  * Fix CVE-2009-2411, heap overflows in svndiff stream parsing.

 -- Peter Samuelson <email address hidden>  Wed, 05 Aug 2009 19:54:23 -0500
  • subversion (1.5.1dfsg1-2) unstable; urgency=low


  * patches/merge-revert-error: new patch to fix an error where some
    merges revert other bits of a working copy.  From upstream; thanks to
    Ben Hutchings for the backport and testing.  (Closes: #507764)

 -- Peter Samuelson <email address hidden>  Wed, 31 Dec 2008 00:18:36 -0600
  • subversion (1.5.1dfsg1-1) unstable; urgency=low


  * New upstream release.
    - Fixes some major corner cases in merge tracking.
    - Fixes several crash bugs and regressions from 1.4 -> 1.5.
    - patches/ruby-test-wc-normalize-compared-value: Remove, applied upstream.
  * Symlink libsvn_ra_dav-1.so.1 -> libsvn_ra_neon-1.so.1 to avoid
    breaking old packages that mistakenly linked to ra_dav.  This was not
    and is not supported, but at least one package did it.  (Closes: #490423)
  * Add a NEWS entry for 1.5.x in general.
  * debian/watch: Add dversionmangle setting, thanks to lintian.

 -- Peter Samuelson <email address hidden>  Thu, 24 Jul 2008 15:48:17 -0500