Format: 1.8
Date: Thu, 10 Aug 2017 00:00:57 -0700
Source: subversion
Binary: subversion subversion-dbg libsvn1 libsvn-dev libsvn-doc libapache2-mod-svn libapache2-svn python-subversion python-subversion-dbg subversion-tools libsvn-java libsvn-perl ruby-svn libsvn-ruby1.8
Architecture: all i386_translations i386
Version: 1.8.8-1ubuntu3.3
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy01-02.buildd>
Changed-By: Steve Beattie <sbeattie@ubuntu.com>
Description: 
 libapache2-mod-svn - Apache Subversion server modules for Apache httpd
 libapache2-svn - Apache Subversion server modules for Apache httpd (dummy package)
 libsvn-dev - Development files for Apache Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Apache Subversion
 libsvn-perl - Perl bindings for Apache Subversion
 libsvn-ruby1.8 - Ruby bindings for Apache Subversion (dummy package)
 libsvn1    - Shared libraries used by Apache Subversion
 python-subversion - Python bindings for Apache Subversion
 python-subversion-dbg - Python bindings for Subversion (debug extension)
 ruby-svn   - Ruby bindings for Apache Subversion
 subversion - Advanced version control system
 subversion-dbg - Debug symbols for Apache Subversion
 subversion-tools - Assorted tools related to Apache Subversion
Changes: 
 subversion (1.8.8-1ubuntu3.3) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: Arbitrary code execution on clients through
     malicious svn+ssh URLs
     - debian/patches/CVE-2017-9800-1.8.18.patch: ensure that host
       arguments to ssh cannot be treated as ssh options.
     - CVE-2017-9800
   * SECURITY UPDATE: svnserve/sasl may authenticate users using the
     wrong realm.
     - debian/patches/CVE-2016-2167.patch: Reject invalid usernames when
       SASL is being used.
     - CVE-2016-2167
   * SECURITY UPDATE: remotely triggerable crash in the mod_authz_svn
     module.
     - debian/patches/CVE-2016-2167.patch: Reject requests with invalid
       Destination headers.
     - CVE-2016-2168
   * SECURITY UPDATE: denial-of-service caused by exponential XML
     entity expansion ("billion laughs attack").
     - debian/patches/CVE-2016-8734-1,8.patch: properly error out the
       parser on invalid data.
     - CVE-2016-8734
   * SECURITY UPDATE: mod_dav_svn: integer overflow when parsing
     skel-encoded request bodies.
     - debian/patches/CVE-2015-5343.patch: Defer memory allocation
       when reading skel-encoded requests.
     - CVE-2015-5343
Checksums-Sha1: 
 83f5f116167f7b53ccac34ca02ada40af9acb42d 1277276 libsvn-doc_1.8.8-1ubuntu3.3_all.deb
 2ac972060d74b197391ff595cdac37d8874694dd 9820 libapache2-svn_1.8.8-1ubuntu3.3_all.deb
 59f8cb502c7b2af07bc90870a55693e1bb16fdfd 159280 subversion-tools_1.8.8-1ubuntu3.3_all.deb
 e79e1f77c7834a9725a8f6e9278346d9c1c2924f 1016 libsvn-ruby1.8_1.8.8-1ubuntu3.3_all.deb
 023718c01a382f94797f3bf5db4fbeef293adcd9 2570082 subversion_1.8.8-1ubuntu3.3_i386_translations.tar.gz
 0f19cf300fa1dbc3214fd48c073ad4858ee14fcd 277408 subversion_1.8.8-1ubuntu3.3_i386.deb
 bff4451730b65c1ce33ddf661cd0e93fcab7cd4a 7351706 subversion-dbg_1.8.8-1ubuntu3.3_i386.deb
 d230da3aa3317e57fc9c74ea31faa85cf5e5cab0 907288 libsvn1_1.8.8-1ubuntu3.3_i386.deb
 6186d6b4acf7b4953cbef719985c09affce9a88b 1139354 libsvn-dev_1.8.8-1ubuntu3.3_i386.deb
 aa092fbea626db4c66f05ff9e3196f7e4f83244a 80320 libapache2-mod-svn_1.8.8-1ubuntu3.3_i386.deb
 5cf44efe66ce1e15fc302e4a72176890a50dcd0b 461186 python-subversion_1.8.8-1ubuntu3.3_i386.deb
 52495413b95a39e2f10709bd7ccdffd5ec62fabf 1560262 python-subversion-dbg_1.8.8-1ubuntu3.3_i386.deb
 47b2009c6ae8b27ab4bb258b2c3fe6c75f4f75bd 347180 libsvn-java_1.8.8-1ubuntu3.3_i386.deb
 0bc488bee6209f9b777dd43497baf8a9e4c14408 698100 libsvn-perl_1.8.8-1ubuntu3.3_i386.deb
 91113ac4d141575915ad8f21130c390e1a20bd53 385320 ruby-svn_1.8.8-1ubuntu3.3_i386.deb
 f6faf78999acff5955a4cbabf7c4a8325286ffaa 1074 subversion-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 e24b519ce5cc3719e9035e2d548d83134121aa94 884 libsvn1-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 d53d1875ac0ff022070f1f2f9ffca8a6ab2866f1 904 libsvn-dev-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 c6bd2331f5075e2ca8f970cea1881c3b711f976b 932 libapache2-mod-svn-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 cf4925b59efffd666f8a95f5e0b0378291190159 928 python-subversion-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 15c1fabfcb7ddceb92a720a6cee85ede482baf32 944 libsvn-java-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 f826ea191f9efff6e0e03782891713104a689ef9 926 libsvn-perl-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 f3386231939c41138cd445efc8bd5579154d4d1c 936 ruby-svn-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
Checksums-Sha256: 
 f995140b8d4ebcd91601b5a477e27e598d14701d399a1f56d8b9f9c317639931 1277276 libsvn-doc_1.8.8-1ubuntu3.3_all.deb
 5dc9ec2b9fa3007958d3aac610307cef45d6578e1275640a0d5c89461cce5ae4 9820 libapache2-svn_1.8.8-1ubuntu3.3_all.deb
 33dcfa02d36bd1174b541d5d119d6b12e6cd625d2fabf278604d84a8699db9c3 159280 subversion-tools_1.8.8-1ubuntu3.3_all.deb
 7e5f871b5d018e52aa32f35ec24ea5062f79c5a2ecd36ba69a9f603b7e52a22d 1016 libsvn-ruby1.8_1.8.8-1ubuntu3.3_all.deb
 3c80abc5f916610369cb8fad7d897033b3bb016a5a2233e5994e8e20ef93d884 2570082 subversion_1.8.8-1ubuntu3.3_i386_translations.tar.gz
 2bd68987e873c80f154f35eb0776b2b1a0536d0f299a12ea613b4a25fd8a0de8 277408 subversion_1.8.8-1ubuntu3.3_i386.deb
 3bf67255324ab3a2de0076197935d3c94bdc29942edcbf5c13954ae72545770c 7351706 subversion-dbg_1.8.8-1ubuntu3.3_i386.deb
 bd81ec9fa27ded81195f6538dac3fdc473068a168276772d6e0dd5c51a71843f 907288 libsvn1_1.8.8-1ubuntu3.3_i386.deb
 9ba7fe72b9e19a34905856bb505f12675e7d4742cdf84cfb2c1409030ee63395 1139354 libsvn-dev_1.8.8-1ubuntu3.3_i386.deb
 03dc37f0a3d5cc3bad075631745238bdd6b73eb9f2e48e19625f2d886367149c 80320 libapache2-mod-svn_1.8.8-1ubuntu3.3_i386.deb
 415167f6e4e1489b6ad058578cd1a80c289b5a555a90fe2459b07915cabdbf5f 461186 python-subversion_1.8.8-1ubuntu3.3_i386.deb
 687affd4ba44bb6588ed560676d74597b7489d10b6937d151c49c206f4866017 1560262 python-subversion-dbg_1.8.8-1ubuntu3.3_i386.deb
 1186250ea7dee1e7caa6539fe7566a5d3536796a8bbc7061b9793124222e9a4c 347180 libsvn-java_1.8.8-1ubuntu3.3_i386.deb
 eb8c77c7ada7beeed2689c2d35763113656229babbc454966afd1c64ddecbb85 698100 libsvn-perl_1.8.8-1ubuntu3.3_i386.deb
 dcaefd93368fb9b3732abcf525644bb5f83cbd76e63e93f7ccf2a55ae5b79922 385320 ruby-svn_1.8.8-1ubuntu3.3_i386.deb
 52ad0b7e73feed94594969f93314d369d3c6b53d0656ee56a95ca86662dc87a0 1074 subversion-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 90ed4b7249c63cf2f2cf4f9410f14e9e902c6a18c3678b01e7d97740c6517018 884 libsvn1-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 15d897745d0e19367ef0eeedcf6e2c6c5be88dbc58cedb5834949a7a6a98510f 904 libsvn-dev-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 c3313e96f35e3262f77f6f29437df6642643febdc93c918a6703c361a4a1f3fa 932 libapache2-mod-svn-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 cdea168243e2854ddd903e4c548072a1017faff82a0d8e775b5e14d35393e77f 928 python-subversion-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 3801f061b0d887883ea46948da7496ff51a6830c55589868ee82578100a9b8ad 944 libsvn-java-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 537508b0dac01905ccd1dd71e89797b4aa4d8811d49303f761cd54b82dafc399 926 libsvn-perl-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 8a80efcc4b57fbd1c9698e2d5a666317668f24436f2ae45d69aad3f1454891d6 936 ruby-svn-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
Files: 
 85d33bd4da3bae0b3ccd80713cc6499b 1277276 doc extra libsvn-doc_1.8.8-1ubuntu3.3_all.deb
 6e2cecfecfb0c4a17e13abc0ca841086 9820 oldlibs extra libapache2-svn_1.8.8-1ubuntu3.3_all.deb
 29fd6c15025d4ebe5763fd2999d45345 159280 vcs extra subversion-tools_1.8.8-1ubuntu3.3_all.deb
 5a740b08ac4aa18c05067eee7c85df34 1016 oldlibs extra libsvn-ruby1.8_1.8.8-1ubuntu3.3_all.deb
 0d7ac96c4c97684e3a68e1b6e69d5cb2 2570082 raw-translations - subversion_1.8.8-1ubuntu3.3_i386_translations.tar.gz
 00f80bad476f3ffebe1a20bd9215d254 277408 vcs optional subversion_1.8.8-1ubuntu3.3_i386.deb
 14b44f86190a3c6336c189f3ddcbf920 7351706 debug extra subversion-dbg_1.8.8-1ubuntu3.3_i386.deb
 f3feaa13aa766fb0acb4d7351bf1e9e7 907288 libs optional libsvn1_1.8.8-1ubuntu3.3_i386.deb
 7ee36b8ffe18ea07464c00f21b3984b0 1139354 libdevel extra libsvn-dev_1.8.8-1ubuntu3.3_i386.deb
 ae952478d5bef98fbdb6e609f32e8466 80320 httpd optional libapache2-mod-svn_1.8.8-1ubuntu3.3_i386.deb
 4de831f85ca7e6de73aee32cf3f61c3f 461186 python optional python-subversion_1.8.8-1ubuntu3.3_i386.deb
 ac0e9bc074d6ef573615660ab4a3d2f5 1560262 python extra python-subversion-dbg_1.8.8-1ubuntu3.3_i386.deb
 315fa08349cea5c0a8b01102736548e2 347180 java optional libsvn-java_1.8.8-1ubuntu3.3_i386.deb
 62d2cd683731b9dd0a90b8962f8a881d 698100 perl optional libsvn-perl_1.8.8-1ubuntu3.3_i386.deb
 1ac6cf03655780b300c574ee1ef73090 385320 ruby optional ruby-svn_1.8.8-1ubuntu3.3_i386.deb
 ef2ade953787f5543dc6e3212c96f8b1 1074 vcs extra subversion-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 c845f7220209e2db7a716e98e62fb6f8 884 libs extra libsvn1-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 84a188f0d7af93d968276ebde3766024 904 libdevel extra libsvn-dev-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 75cbb73cb3da1c579cfc937ddd78af5e 932 httpd extra libapache2-mod-svn-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 5bc51d21e7fe7df3bd9b6229676131ae 928 python extra python-subversion-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 5788a588cf3a2f0124a269e65e78abcc 944 java extra libsvn-java-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 f02046508fa195637a82460506fad041 926 perl extra libsvn-perl-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
 322b19207ff6e6016de99718709c1c80 936 ruby extra ruby-svn-dbgsym_1.8.8-1ubuntu3.3_i386.ddeb
Original-Maintainer: Peter Samuelson <peter@p12n.org>