Format: 1.8
Date: Wed, 09 Aug 2017 23:16:19 -0700
Source: subversion
Binary: subversion subversion-dbg libsvn1 libsvn-dev libsvn-doc libapache2-mod-svn libapache2-svn python-subversion python-subversion-dbg subversion-tools libsvn-java libsvn-perl ruby-svn libsvn-ruby1.8
Architecture: amd64 all amd64_translations
Version: 1.9.3-2ubuntu1.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-26.buildd>
Changed-By: Steve Beattie <sbeattie@ubuntu.com>
Description:
 libapache2-mod-svn - Apache Subversion server modules for Apache httpd
 libapache2-svn - Apache Subversion server modules for Apache httpd (dummy package)
 libsvn-dev - Development files for Apache Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Apache Subversion
 libsvn-perl - Perl bindings for Apache Subversion
 libsvn-ruby1.8 - Ruby bindings for Apache Subversion (dummy package)
 libsvn1    - Shared libraries used by Apache Subversion
 python-subversion - Python bindings for Apache Subversion
 python-subversion-dbg - Python bindings for Subversion (debug extension)
 ruby-svn   - Ruby bindings for Apache Subversion
 subversion - Advanced version control system
 subversion-dbg - Debug symbols for Apache Subversion
 subversion-tools - Assorted tools related to Apache Subversion
Changes:
 subversion (1.9.3-2ubuntu1.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: Arbitrary code execution on clients through
     malicious svn+ssh URLs
     - debian/patches/CVE-2017-9800-1.9.6.patch: ensure that host
       arguments to ssh cannot be treated as ssh options.
     - CVE-2017-9800
   * SECURITY UPDATE: svnserve/sasl may authenticate users using the
     wrong realm.
     - debian/patches/CVE-2016-2167.patch: Reject invalid usernames when
       SASL is being used.
     - CVE-2016-2167
   * SECURITY UPDATE: remotely triggerable crash in the mod_authz_svn
     module.
     - debian/patches/CVE-2016-2167.patch: Reject requests with invalid
       Destination headers.
     - CVE-2016-2168
   * SECURITY UPDATE: denial-of-service caused by exponential XML
     entity expansion ("billion laughs attack").
     - debian/patches/CVE-2016-8734.patch: properly error out the
       parser on invalid data.
     - CVE-2016-8734
Checksums-Sha1:
 611e92edbe934246a8eaea359e4876737472aa6b 934 libapache2-mod-svn-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 a7412a8541782323cbdd68f05f45e4922f6ea19b 82892 libapache2-mod-svn_1.9.3-2ubuntu1.1_amd64.deb
 636c8b6d655a5f1d625d5e2fede3a2fd34dcec00 9046 libapache2-svn_1.9.3-2ubuntu1.1_all.deb
 fcf54bcc5682f5fad1c34357449642aaaebafcdb 908 libsvn-dev-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 733cd56b9868c1b4e3bfad5cd72e90d1d08310db 1453916 libsvn-dev_1.9.3-2ubuntu1.1_amd64.deb
 0a2c8670c5bae8aef63dfc8c81757f5f33eb1538 1355690 libsvn-doc_1.9.3-2ubuntu1.1_all.deb
 dbb14ec34fde843557ec72b77c50834807426baf 944 libsvn-java-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 65bb4bc2cf7de6665102737ae3b8e7e908947fbf 555762 libsvn-java_1.9.3-2ubuntu1.1_amd64.deb
 dea3818b18c445709ab62092885ac26686b16d91 928 libsvn-perl-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 5e054c6754a6627462c6939f6553e7e057b509a1 845078 libsvn-perl_1.9.3-2ubuntu1.1_amd64.deb
 1fcc7280d1cf46131cfc82f9d0cd44101512e834 1020 libsvn-ruby1.8_1.9.3-2ubuntu1.1_all.deb
 8e551b0190616caba3be7cca835d362f1e85dc82 888 libsvn1-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 0b14c321b7b6731e60f1ecfee0961d875a5c7665 1169962 libsvn1_1.9.3-2ubuntu1.1_amd64.deb
 857ff17e44a6554ea627cc05ab4d8928f8f006a6 1785366 python-subversion-dbg_1.9.3-2ubuntu1.1_amd64.deb
 c96a73add3d920cc5cfc1ff1256c971e1ce5e805 553162 python-subversion_1.9.3-2ubuntu1.1_amd64.deb
 d0e2a52acfc2bda27db89a433404074f15f89c7b 940 ruby-svn-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 cd36d50ba78604ca4145425f495b084a4ea0c64c 460316 ruby-svn_1.9.3-2ubuntu1.1_amd64.deb
 a2229a7ab48bb8f54e0395c19b97df17f7a20d3b 9670980 subversion-dbg_1.9.3-2ubuntu1.1_amd64.deb
 d3e638f687bbb940ebf2d07f7e6779d32b6f1077 1078 subversion-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 cd0196cde710a4000593a5c9802288f78d4cd663 1308 subversion-tools-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 1412c0b7e0f27dd521c0cea311bd6223afa4fd5a 177366 subversion-tools_1.9.3-2ubuntu1.1_amd64.deb
 99e21833494345e4ee1b17ed64e15503ca8e161c 308070 subversion_1.9.3-2ubuntu1.1_amd64.deb
 ce152bef969f2d50ba1da8dd751064793aa0eb96 2617120 subversion_1.9.3-2ubuntu1.1_amd64_translations.tar.gz
Checksums-Sha256:
 53d8c13a0965533ec4072801f852acd02893d7ecc1a41287b813af6844647af7 934 libapache2-mod-svn-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 e31084df6b64d1aabed3efac14e90db17051fc395230ae2ebdfaa614cd1b3148 82892 libapache2-mod-svn_1.9.3-2ubuntu1.1_amd64.deb
 8a585e4b2834badce63e1076e05d3def3e5b5ff41a70ec1f60c9bc501a71299f 9046 libapache2-svn_1.9.3-2ubuntu1.1_all.deb
 d4310ecdbb155a58d78f6c3f7c34708b885e419eb4f55e4d609e44fcae17bee4 908 libsvn-dev-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 faf385b15968f9d1fc12d2cdb314e318b64a87dc8a1f19c7694280545fceef6e 1453916 libsvn-dev_1.9.3-2ubuntu1.1_amd64.deb
 ab999dc1b65ff3171b884cc0e596efdcc93ce5b4d0bb52e8515f08d971b47ec5 1355690 libsvn-doc_1.9.3-2ubuntu1.1_all.deb
 e95d85e15c6c273e285fbb0b90e4524e54cf8a61c2fb88bd3c8f60efd74a51d5 944 libsvn-java-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 63417a6ec4b6294be261f94293960fb1fd7657f56128916bdfa7ad1eb4236887 555762 libsvn-java_1.9.3-2ubuntu1.1_amd64.deb
 c1a674cb97845af279f394d965962e046d2b7b33c81958cf339b55e121fdd3ba 928 libsvn-perl-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 84f3c5425477080ef6a3a4679c9b5d9e8a8f871a805d25179208921c8cf0e539 845078 libsvn-perl_1.9.3-2ubuntu1.1_amd64.deb
 04e86ea796e3e0920643b1a95398a4e5007580332bcfa5eef522748ce2844b2e 1020 libsvn-ruby1.8_1.9.3-2ubuntu1.1_all.deb
 c4acd3fccc0c439afc076855f52bad51e1c59f4f78ab3792033f9ef212b6fb94 888 libsvn1-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 ae8c9600dfa930a33b46308918ae2ceca86cb43d1609278e80f42026f5f16ae3 1169962 libsvn1_1.9.3-2ubuntu1.1_amd64.deb
 a1a5f6a24c26556a5480874413c3e12c3f6f8a21365413c2653de4bc395368be 1785366 python-subversion-dbg_1.9.3-2ubuntu1.1_amd64.deb
 67081e3a994088efb1c451a75647e97a71a6188f18ccdadf981a7f5463caaade 553162 python-subversion_1.9.3-2ubuntu1.1_amd64.deb
 398ee58d631e6a3afbd4a2b6661292dc7da7314364d74a958991b44fe4ba06d3 940 ruby-svn-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 f48afda83809e1f3d303ced4404195d4dcae1a3f192cccedbe9d93975a50b7d8 460316 ruby-svn_1.9.3-2ubuntu1.1_amd64.deb
 163450fd400adc747dad79dba7f5c3fd29520a39e051e6374420ece89c8dad57 9670980 subversion-dbg_1.9.3-2ubuntu1.1_amd64.deb
 9e6501133e42732588018f380aa4292d30d61c29dd60e133b567560c570b35f3 1078 subversion-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 7a561617516a54f47cd53f464a0389dbfaf3a92c280a608485a826203a830fc1 1308 subversion-tools-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 b08b85c8a628449ceb7ea1006f3e1d7db7246ebaa417bb7bc10792cf3c4c2c17 177366 subversion-tools_1.9.3-2ubuntu1.1_amd64.deb
 f55c26a9f51b1127cea9e4924f65ca1dc3cda969599bb66c437cd04a2b044081 308070 subversion_1.9.3-2ubuntu1.1_amd64.deb
 f9e7b134d72000b1392b4b936fac4d6c45e061ec32900522e868ba7cf2524628 2617120 subversion_1.9.3-2ubuntu1.1_amd64_translations.tar.gz
Files:
 10e62b77db5a3e76d5114d0aaa581cc8 934 httpd extra libapache2-mod-svn-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 c4437f9ed3cc66338791820c55df726d 82892 httpd optional libapache2-mod-svn_1.9.3-2ubuntu1.1_amd64.deb
 a53725b05f41f631e36870170cc20f4f 9046 oldlibs extra libapache2-svn_1.9.3-2ubuntu1.1_all.deb
 78e7a53ef4ecf830ae1be72cd7bab985 908 libdevel extra libsvn-dev-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 3fcdb9dc9e82214cc9d8a9090b03ea9a 1453916 libdevel extra libsvn-dev_1.9.3-2ubuntu1.1_amd64.deb
 f73619a98f144dc3c46c4b5fb3b3dc37 1355690 doc extra libsvn-doc_1.9.3-2ubuntu1.1_all.deb
 6a94af15ae967eb9cd6b0afdf3c761d0 944 java extra libsvn-java-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 6721a18299ad232c4f064fd3cebe2483 555762 java optional libsvn-java_1.9.3-2ubuntu1.1_amd64.deb
 c21ca0469418d1f149466b3d6d971528 928 perl extra libsvn-perl-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 d51ee2cd0b6e7dde8df2e1ee4b4d3a16 845078 perl optional libsvn-perl_1.9.3-2ubuntu1.1_amd64.deb
 8462b69388e76748af5e7cfc9f9c014f 1020 oldlibs extra libsvn-ruby1.8_1.9.3-2ubuntu1.1_all.deb
 670af6bdbbf5bdf8356a6bb6c1815649 888 libs extra libsvn1-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 8dfcbe3ce9ed8623484d9c879c6c6c8b 1169962 libs optional libsvn1_1.9.3-2ubuntu1.1_amd64.deb
 a9bfb0105a80992be38174acf936db96 1785366 python extra python-subversion-dbg_1.9.3-2ubuntu1.1_amd64.deb
 dba205943fe18b743b3bd8fdac89511f 553162 python optional python-subversion_1.9.3-2ubuntu1.1_amd64.deb
 55e84a9bab984b759642e70cfa914320 940 ruby extra ruby-svn-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 3104d1a4bfdfc373e3a5a19e5093effe 460316 ruby optional ruby-svn_1.9.3-2ubuntu1.1_amd64.deb
 71d54535d2b974b29ee4d1f22e36d67b 9670980 debug extra subversion-dbg_1.9.3-2ubuntu1.1_amd64.deb
 158544a30ff043531f28d8496537ff8a 1078 vcs extra subversion-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 c25c2233c52c939b5c5e9d33acd963cb 1308 vcs extra subversion-tools-dbgsym_1.9.3-2ubuntu1.1_amd64.ddeb
 846fdbcb11b190b517cb73d35101b449 177366 vcs extra subversion-tools_1.9.3-2ubuntu1.1_amd64.deb
 031e4a2515708f5fa3b4571b9d1a80a6 308070 vcs optional subversion_1.9.3-2ubuntu1.1_amd64.deb
 56f4a358a8c8ad83ff5c978844f1a107 2617120 raw-translations - subversion_1.9.3-2ubuntu1.1_amd64_translations.tar.gz
Original-Maintainer: Peter Samuelson <peter@p12n.org>