subversion 1.9.3-2ubuntu1.1 source package in Ubuntu

Changelog

subversion (1.9.3-2ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution on clients through
    malicious svn+ssh URLs
    - debian/patches/CVE-2017-9800-1.9.6.patch: ensure that host
      arguments to ssh cannot be treated as ssh options.
    - CVE-2017-9800
  * SECURITY UPDATE: svnserve/sasl may authenticate users using the
    wrong realm.
    - debian/patches/CVE-2016-2167.patch: Reject invalid usernames when
      SASL is being used.
    - CVE-2016-2167
  * SECURITY UPDATE: remotely triggerable crash in the mod_authz_svn
    module.
    - debian/patches/CVE-2016-2167.patch: Reject requests with invalid
      Destination headers.
    - CVE-2016-2168
  * SECURITY UPDATE: denial-of-service caused by exponential XML
    entity expansion ("billion laughs attack").
    - debian/patches/CVE-2016-8734.patch: properly error out the
      parser on invalid data.
    - CVE-2016-8734

 -- Steve Beattie <email address hidden>  Wed, 09 Aug 2017 23:16:19 -0700

Upload details

Uploaded by:
Steve Beattie on 2017-08-10
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
vcs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2017-08-11 main devel
Xenial security on 2017-08-11 main devel

Downloads

File Size SHA-256 Checksum
subversion_1.9.3.orig.tar.gz 10.1 MiB 74cd21d2f8a2a54e4dbd2389fe1605a19dbda8ba88ffc4bb0edc9a66e143cc93
subversion_1.9.3-2ubuntu1.1.diff.gz 2.3 MiB 43ea0c91f14ddee823b7e661e3dec6eaa4eab55d0c9f69c22df4584e8392bbd6
subversion_1.9.3-2ubuntu1.1.dsc 3.2 KiB eb2f59f1a17be16de1094ac1bf9e961eb65dbc55d20f22bdf0c26bf9e181b8ab

View changes file

Binary packages built by this source

libapache2-mod-svn: Apache Subversion server modules for Apache httpd

 This package provides the mod_dav_svn and mod_authz_svn modules for
 the Apache 2.4 web server. These modules provide Apache Subversion's WebDAV
 server backend, to serve repositories over the http and https
 protocols. See the 'subversion' package for more information.

libapache2-mod-svn-dbgsym: debug symbols for package libapache2-mod-svn

 This package provides the mod_dav_svn and mod_authz_svn modules for
 the Apache 2.4 web server. These modules provide Apache Subversion's WebDAV
 server backend, to serve repositories over the http and https
 protocols. See the 'subversion' package for more information.

libapache2-svn: Apache Subversion server modules for Apache httpd (dummy package)

 This is a transition package to install the Apache Subversion server
 module for Apache httpd. You may remove this package if nothing depends
 on it.

libsvn-dev: Development files for Apache Subversion libraries

 This package contains the symlinks, headers, and object files needed
 to compile and link programs which use libsvn1, the Apache Subversion
 libraries. This package is needed only in order to compile software
 that uses libsvn1.

libsvn-dev-dbgsym: debug symbols for package libsvn-dev

 This package contains the symlinks, headers, and object files needed
 to compile and link programs which use libsvn1, the Apache Subversion
 libraries. This package is needed only in order to compile software
 that uses libsvn1.

libsvn-doc: Developer documentation for libsvn

 This package contains development (API) documentation for libsvn1, the
 Apache Subversion libraries. See the 'libsvn1' package for more information.

libsvn-java: Java bindings for Apache Subversion

 This is a set of Java classes which provide the functionality of
 libsvn, the Apache Subversion libraries. It is useful if you want to,
 for example, write a Java class that manipulates a Subversion repository
 or working copy. See the 'subversion' package for more information.

libsvn-java-dbgsym: debug symbols for package libsvn-java

 This is a set of Java classes which provide the functionality of
 libsvn, the Apache Subversion libraries. It is useful if you want to,
 for example, write a Java class that manipulates a Subversion repository
 or working copy. See the 'subversion' package for more information.

libsvn-perl: Perl bindings for Apache Subversion

 This is a set of Perl interfaces to libsvn, the Apache Subversion libraries.
 It is useful if you want to, for example, write a Perl script that
 manipulates a Subversion repository or working copy. See the
 'subversion' package for more information.

libsvn-perl-dbgsym: debug symbols for package libsvn-perl

 This is a set of Perl interfaces to libsvn, the Apache Subversion libraries.
 It is useful if you want to, for example, write a Perl script that
 manipulates a Subversion repository or working copy. See the
 'subversion' package for more information.

libsvn-ruby1.8: Ruby bindings for Apache Subversion (dummy package)

 This is a transition package to install the Apache Subversion library
 bindings for Ruby 1.8. You may remove this package if nothing depends
 on it.

libsvn1: Shared libraries used by Apache Subversion

 This package includes shared libraries to manipulate Apache Subversion
 (svn) repositories and working copies. See the 'subversion' package for
 more information.

libsvn1-dbgsym: debug symbols for package libsvn1

 This package includes shared libraries to manipulate Apache Subversion
 (svn) repositories and working copies. See the 'subversion' package for
 more information.

python-subversion: Python bindings for Apache Subversion

 This is a set of Python interfaces to libsvn, the Apache Subversion
 libraries. It is useful if you want to, for example, write a Python
 script that manipulates a Subversion repository or working copy. See
 the 'subversion' package for more information.

python-subversion-dbg: Python bindings for Subversion (debug extension)

 This is a set of Python interfaces to libsvn, the Subversion
 libraries. It is useful if you want to, for example, write a Python
 script that manipulates a Subversion repository or working copy. See
 the 'subversion' package for more information.
 .
 This package contains the extension built for the python debug interpreter.

ruby-svn: Ruby bindings for Apache Subversion

 This is a set of Ruby interfaces to libsvn, the Apache Subversion libraries.
 It is useful if you want to, for example, write a Ruby script that
 manipulates a Subversion repository or working copy. See the
 'subversion' package for more information.

ruby-svn-dbgsym: debug symbols for package ruby-svn

 This is a set of Ruby interfaces to libsvn, the Apache Subversion libraries.
 It is useful if you want to, for example, write a Ruby script that
 manipulates a Subversion repository or working copy. See the
 'subversion' package for more information.

subversion: Advanced version control system

 Apache Subversion, also known as svn, is a centralised version control
 system. Version control systems allow many individuals (who may be
 distributed geographically) to collaborate on a set of files (source
 code, websites, etc). Subversion began with a CVS paradigm and
 supports all the major features of CVS, but has evolved to support
 many features that CVS users often wish they had.
 .
 This package includes the Subversion client (svn), repository
 administration tools (svnadmin, svnlook) and a network server (svnserve).

subversion-dbg: Debug symbols for Apache Subversion

 This package contains debug symbols for libsvn1 and its dependent packages
 including subversion, libapache2-mod-svn, and the various programming language
 interfaces.

subversion-dbgsym: debug symbols for package subversion

 Apache Subversion, also known as svn, is a centralised version control
 system. Version control systems allow many individuals (who may be
 distributed geographically) to collaborate on a set of files (source
 code, websites, etc). Subversion began with a CVS paradigm and
 supports all the major features of CVS, but has evolved to support
 many features that CVS users often wish they had.
 .
 This package includes the Subversion client (svn), repository
 administration tools (svnadmin, svnlook) and a network server (svnserve).

subversion-tools: Assorted tools related to Apache Subversion

 This package includes miscellaneous tools for use with Apache Subversion
 clients and servers:
  * svn-backup-dumps: Incremental dumpfile-based backup script
  * svn-bisect: Bisect revisions to find a regression
  * svn-clean: Remove unversioned files from a working copy
  * svn-fast-backup: rsync-based backup script for FSFS repositories
  * svn-hot-backup: Backup script, primarily for BDB repositories
  * svn_apply_autoprops: Apply property settings from
    .subversion/config file to an existing repository
  * svn_load_dirs: Sophisticated replacement for 'svn import'
  * svnwrap: Set umask to 002 before calling svn or svnserve
  * fsfs-access-map: Convert strace output into FSFS access map
  * several example hook scripts: commit-access-control, commit-email,
    log-police, mailer, svnperms, verify-po
 .
 NOTE that some of these scripts are unsupported by upstream, and may
 change radically or disappear in future releases. Some of these
 scripts require packages on the Recommends list.

subversion-tools-dbgsym: debug symbols for package subversion-tools

 This package includes miscellaneous tools for use with Apache Subversion
 clients and servers:
  * svn-backup-dumps: Incremental dumpfile-based backup script
  * svn-bisect: Bisect revisions to find a regression
  * svn-clean: Remove unversioned files from a working copy
  * svn-fast-backup: rsync-based backup script for FSFS repositories
  * svn-hot-backup: Backup script, primarily for BDB repositories
  * svn_apply_autoprops: Apply property settings from
    .subversion/config file to an existing repository
  * svn_load_dirs: Sophisticated replacement for 'svn import'
  * svnwrap: Set umask to 002 before calling svn or svnserve
  * fsfs-access-map: Convert strace output into FSFS access map
  * several example hook scripts: commit-access-control, commit-email,
    log-police, mailer, svnperms, verify-po
 .
 NOTE that some of these scripts are unsupported by upstream, and may
 change radically or disappear in future releases. Some of these
 scripts require packages on the Recommends list.