-
subversion (1.6.12dfsg-4ubuntu5.1) oneiric-proposed; urgency=low
* patches/sasl-mem-handling: patch from 1.6.17dfsg-2 to fix a crash with
svn:// URLs and SASL authentication. (LP: #881862)
-- Julian Taylor <email address hidden> Fri, 10 Feb 2012 12:39:33 -0800
-
subversion (1.6.12dfsg-4ubuntu5) oneiric; urgency=low
* SECURITY UPDATE: denial of service via baselined WebDAV resource
request
- debian/patches/CVE-2011-1752.patch: disallow GETs of baselined
versions of resources in subversion/mod_dav_svn/repos.c.
- CVE-2011-1752
* SECURITY UPDATE: mod_dav_svn resource exhaustion via infinite loop
- debian/patches/CVE-2011-1783.patch: validate path in
subversion/libsvn_repos/authz.c.
- CVE-2011-1783
* SECURITY UPDATE: mod_dav_svn permissions bypass via incorrect
resource URL
- debian/patches/CVE-2011-1921.patch: validate path in
subversion/mod_dav_svn/authz.c.
- CVE-2011-1921
-- Marc Deslauriers <email address hidden> Fri, 05 Aug 2011 10:53:00 -0400
-
subversion (1.6.12dfsg-4ubuntu4) oneiric; urgency=low
* Disable KWallet support on armel, again temporarily.
-- Colin Watson <email address hidden> Fri, 06 May 2011 14:21:16 +0100
-
subversion (1.6.12dfsg-4ubuntu3) oneiric; urgency=low
* Temporarily disable Java and tests on armel to resolve a circular
build-depends loop in Oneiric. These will be re-enabled shortly.
-- Colin Watson <email address hidden> Fri, 06 May 2011 12:27:29 +0100
-
subversion (1.6.12dfsg-4ubuntu2) natty; urgency=low
* SECURITY UPDATE: denial of service via request containing lock token
- debian/patches/CVE-2011-0715.patch: correctly handle locks being
passed when authn isn't enabled in subversion/mod_dav_svn/repos.c,
subversion/mod_dav_svn/version.c.
- CVE-2011-0715
-- Marc Deslauriers <email address hidden> Mon, 21 Mar 2011 13:03:32 -0400