Debian
subversion package

Change logs for subversion source package in Wheezy

  1. Wheezy (7.0)
  2. Change log 
  • subversion (1.6.17dfsg-4+deb7u10) wheezy-security; urgency=high

  * patches/CVE-2015-3817: svn_repos_trace_node_locations() reveals paths
    hidden by authz

 -- James McCoy <email address hidden>  Sun, 09 Aug 2015 23:39:21 -0400
  • subversion (1.6.17dfsg-4+deb7u8) wheezy-security; urgency=high


  * Fix “undefined symbol: dav_svn__new_error” regression in previous upload.

 -- Florian Weimer <email address hidden>  Sat, 20 Dec 2014 20:43:35 +0100
  • subversion (1.6.17dfsg-4+deb7u6) wheezy; urgency=medium


  * Fix “undefined symbol: dav_svn__new_error” regression in previous upload.
    (Closes: #741314)

 -- James McCoy <email address hidden>  Tue, 11 Mar 2014 21:06:58 -0400
  • subversion (1.6.17dfsg-4+deb7u4) wheezy; urgency=low


  * Non-maintainer upload.
  * patches/python-swig205: Backport upstream patch to fix Python bindings
    when built against swig 2.0.5+.  (Closes: #683188)
  * Remove patches/chunksize-integer.patch

 -- James McCoy <email address hidden>  Wed, 02 Oct 2013 21:40:37 -0400
  • subversion (1.6.17dfsg-4+deb7u3) wheezy-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * Add CVE-2013-1968.patch patch.
    CVE-2013-1968: Subversion FSFS repositories can be corrupted by newline
    characters in filenames. (Closes: #711033)
  * Add CVE-2013-2112.patch patch.
    CVE-2013-2112: Fix remotely triggerable DoS vulnerability. (Closes: #711033)

 -- Salvatore Bonaccorso <email address hidden>  Wed, 05 Jun 2013 23:12:33 +0200
  • subversion (1.6.17dfsg-4+deb7u2) wheezy; urgency=low


  * Non-maintainer upload.
  * Include following security fixes (Closes: #704940):
    - CVE-2013-1845: Remotely triggered memory exhaustion in mod_dav_svn
    - CVE-2013-1846: Remotely triggered crash in mod_dav_svn
    - CVE-2013-1847: Remotely triggered crash in mod_dav_svn
    - CVE-2013-1849: Remotely triggered crash in mod_dav_svn
  * Convert SVN_STREAM_CHUNK_SIZE to an integer in svn/core.py
    (Closes: #683188).

 -- Thomas Preud'homme <email address hidden>  Tue, 16 Apr 2013 14:36:14 +0200
  • subversion (1.6.17dfsg-4+deb7u1) wheezy; urgency=low


  * Non-maintainer upload.
  * No-change rebuild against swig 2.0.7 (closes: #683188)

 -- Julien Cristau <email address hidden>  Fri, 22 Mar 2013 16:29:41 +0100
  • subversion (1.6.17dfsg-4) unstable; urgency=medium


  * Ack NMU, thanks Ondrej.  Urgency medium because the NMU fixes RC bugs.
    - Revert libsvn-java split.  Instead, disable multiarch for libsvn-java.
      If anyone _needs_ multiarch for Java libraries, which I doubt, we
      should come up with a way to produce deterministic jar files.
    - Reintroduce specific db dependencies, so a random binNMU can't
      change the DB version without warning.
  * Disable serf support for now, as this release won't properly work with
    serf 1.0.
  * patches/g++47: New patch to build with g++ 4.7.
  * Policy 3.9.3 (no changes).
  * Move ruby files to /usr/lib/ruby/vendor_ruby per ruby policy.

 -- Peter Samuelson <email address hidden>  Sun, 03 Jun 2012 17:54:15 -0500
  • subversion (1.6.17dfsg-3) unstable; urgency=medium


  * libapache2.preinst: Fix upgrade case from before 1.6.17dfsg-2.
  * libapache2.prerm: 'a2dismod' modules in reverse dependency order.
  * patches/apache_module_dependency: New patch to allow mod_authz_svn to
    load before mod_dav_svn and still use its functions.
    All these together, Closes: #642250.
  * Remove a bit more autofoo in 'clean' target.

 -- Peter Samuelson <email address hidden>  Sat, 19 Nov 2011 18:56:28 -0600
  • subversion (1.6.17dfsg-1) unstable; urgency=high
  * New upstream version.  Includes security fixes:    - CVE-2011-1752: Remotely triggered crash in mod_dav_svn    - CVE-2011-1783: Remotely triggered memory exhaustion in mod_dav_svn    - CVE-2011-1921: Content leak of certain files marked unreadable  * svn-bisect: Support $SVN environment variable, requested by Daniel    Shahaf upstream.  * Update Lintian overrides to account for python through 2.9,    in case that ever comes to be. -- Peter Samuelson <email address hidden>  Wed, 01 Jun 2011 17:07:33 -0500
  • subversion (1.6.16dfsg-1) unstable; urgency=high
  * New upstream version.    - Fixes CVE-2011-0715: Remotely crash mod_dav_svn anonymously via a      lock token.  * patches/change-range: New patch to support -cA-B syntax on command line.  * Stop using svn-make-config.c; we can do the same just by running svn    itself in a controlled home directory.  Delete debian/tools/. -- Peter Samuelson <email address hidden>  Thu, 03 Mar 2011 10:55:42 -0600
  • subversion (1.6.12dfsg-4) unstable; urgency=high
  * patches/loosen-sqlite-version-check: New patch: Relax the SQLite    version check, to match the Debian sqlite3 packaging.    (Closes: #608925)  * patches/cve-2010-4539: New patch for CVE-2010-4539, fixing a remotely    triggered crash in mod_dav_svn involving use of the SVNParentPath    feature.  (Closes: #608989) -- Peter Samuelson <email address hidden>  Wed, 05 Jan 2011 10:43:01 -0600