-
subversion (1.6.17dfsg-4+deb7u10) wheezy-security; urgency=high
* patches/CVE-2015-3817: svn_repos_trace_node_locations() reveals paths
hidden by authz
-- James McCoy <email address hidden> Sun, 09 Aug 2015 23:39:21 -0400
-
subversion (1.6.17dfsg-4+deb7u8) wheezy-security; urgency=high
* Fix “undefined symbol: dav_svn__new_error” regression in previous upload.
-- Florian Weimer <email address hidden> Sat, 20 Dec 2014 20:43:35 +0100
-
subversion (1.6.17dfsg-4+deb7u6) wheezy; urgency=medium
* Fix “undefined symbol: dav_svn__new_error” regression in previous upload.
(Closes: #741314)
-- James McCoy <email address hidden> Tue, 11 Mar 2014 21:06:58 -0400
-
subversion (1.6.17dfsg-4+deb7u4) wheezy; urgency=low
* Non-maintainer upload.
* patches/python-swig205: Backport upstream patch to fix Python bindings
when built against swig 2.0.5+. (Closes: #683188)
* Remove patches/chunksize-integer.patch
-- James McCoy <email address hidden> Wed, 02 Oct 2013 21:40:37 -0400
-
subversion (1.6.17dfsg-4+deb7u3) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add CVE-2013-1968.patch patch.
CVE-2013-1968: Subversion FSFS repositories can be corrupted by newline
characters in filenames. (Closes: #711033)
* Add CVE-2013-2112.patch patch.
CVE-2013-2112: Fix remotely triggerable DoS vulnerability. (Closes: #711033)
-- Salvatore Bonaccorso <email address hidden> Wed, 05 Jun 2013 23:12:33 +0200
-
subversion (1.6.17dfsg-4+deb7u2) wheezy; urgency=low
* Non-maintainer upload.
* Include following security fixes (Closes: #704940):
- CVE-2013-1845: Remotely triggered memory exhaustion in mod_dav_svn
- CVE-2013-1846: Remotely triggered crash in mod_dav_svn
- CVE-2013-1847: Remotely triggered crash in mod_dav_svn
- CVE-2013-1849: Remotely triggered crash in mod_dav_svn
* Convert SVN_STREAM_CHUNK_SIZE to an integer in svn/core.py
(Closes: #683188).
-- Thomas Preud'homme <email address hidden> Tue, 16 Apr 2013 14:36:14 +0200
-
subversion (1.6.17dfsg-4+deb7u1) wheezy; urgency=low
* Non-maintainer upload.
* No-change rebuild against swig 2.0.7 (closes: #683188)
-- Julien Cristau <email address hidden> Fri, 22 Mar 2013 16:29:41 +0100
-
subversion (1.6.17dfsg-4) unstable; urgency=medium
* Ack NMU, thanks Ondrej. Urgency medium because the NMU fixes RC bugs.
- Revert libsvn-java split. Instead, disable multiarch for libsvn-java.
If anyone _needs_ multiarch for Java libraries, which I doubt, we
should come up with a way to produce deterministic jar files.
- Reintroduce specific db dependencies, so a random binNMU can't
change the DB version without warning.
* Disable serf support for now, as this release won't properly work with
serf 1.0.
* patches/g++47: New patch to build with g++ 4.7.
* Policy 3.9.3 (no changes).
* Move ruby files to /usr/lib/ruby/vendor_ruby per ruby policy.
-- Peter Samuelson <email address hidden> Sun, 03 Jun 2012 17:54:15 -0500
-
subversion (1.6.17dfsg-3) unstable; urgency=medium
* libapache2.preinst: Fix upgrade case from before 1.6.17dfsg-2.
* libapache2.prerm: 'a2dismod' modules in reverse dependency order.
* patches/apache_module_dependency: New patch to allow mod_authz_svn to
load before mod_dav_svn and still use its functions.
All these together, Closes: #642250.
* Remove a bit more autofoo in 'clean' target.
-- Peter Samuelson <email address hidden> Sat, 19 Nov 2011 18:56:28 -0600
-
subversion (1.6.17dfsg-1) unstable; urgency=high
* New upstream version. Includes security fixes: - CVE-2011-1752: Remotely triggered crash in mod_dav_svn - CVE-2011-1783: Remotely triggered memory exhaustion in mod_dav_svn - CVE-2011-1921: Content leak of certain files marked unreadable * svn-bisect: Support $SVN environment variable, requested by Daniel Shahaf upstream. * Update Lintian overrides to account for python through 2.9, in case that ever comes to be. -- Peter Samuelson <email address hidden> Wed, 01 Jun 2011 17:07:33 -0500
-
subversion (1.6.16dfsg-1) unstable; urgency=high
* New upstream version. - Fixes CVE-2011-0715: Remotely crash mod_dav_svn anonymously via a lock token. * patches/change-range: New patch to support -cA-B syntax on command line. * Stop using svn-make-config.c; we can do the same just by running svn itself in a controlled home directory. Delete debian/tools/. -- Peter Samuelson <email address hidden> Thu, 03 Mar 2011 10:55:42 -0600
-
subversion (1.6.12dfsg-4) unstable; urgency=high
* patches/loosen-sqlite-version-check: New patch: Relax the SQLite version check, to match the Debian sqlite3 packaging. (Closes: #608925) * patches/cve-2010-4539: New patch for CVE-2010-4539, fixing a remotely triggered crash in mod_dav_svn involving use of the SVNParentPath feature. (Closes: #608989) -- Peter Samuelson <email address hidden> Wed, 05 Jan 2011 10:43:01 -0600