Branches for Trusty

Name Status Last Modified Last Commit
lp:ubuntu/trusty/subversion 2 Mature 2014-02-24 11:05:59 UTC
80. Run the tests on powerpc again.

Author: Matthias Klose
Revision Date: 2014-02-24 11:05:59 UTC

Run the tests on powerpc again.

lp:ubuntu/trusty-security/subversion 2 Mature 2015-08-19 14:32:44 UTC
82. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-08-19 14:32:44 UTC

* SECURITY UPDATE: denial of service via non-existing REPORT request
  - debian/patches/CVE-2014-3580.patch: make sure repo patchs are
    specified in subversion/mod_dav_svn/reports/deleted-rev.c,
    subversion/mod_dav_svn/reports/file-revs.c,
    subversion/mod_dav_svn/reports/get-location-segments.c,
    subversion/mod_dav_svn/reports/get-locations.c,
    subversion/mod_dav_svn/reports/inherited-props.c,
    subversion/mod_dav_svn/reports/log.c,
    subversion/mod_dav_svn/reports/mergeinfo.c.
  - CVE-2014-3580
* SECURITY UPDATE: denial of service via non-existing virtual transaction
  name
  - debian/patches/CVE-2014-8108.patch: check transaction names and
    activity ids in subversion/mod_dav_svn/repos.c.
  - CVE-2014-8108
* SECURITY UPDATE: denial of service via large number of REPORT requests
  - debian/patches/CVE-2015-0202.patch: refactor locking in
    subversion/libsvn_fs_fs/tree.c.
  - CVE-2015-0202
* SECURITY UPDATE: denial of service via crafted parameter combinations
  - debian/patches/CVE-2015-0248.patch: properly handle missing revision
    numbers in subversion/mod_dav_svn/reports/get-location-segments.c,
    subversion/svnserve/serve.c.
  - CVE-2015-0248
* SECURITY UPDATE: svn:author property spoofing issue
  - debian/patches/CVE-2015-0251.patch: restrict svn:author modifications
    in subversion/mod_dav_svn/deadprops.c.
  - CVE-2015-0251
* SECURITY UPDATE: incorrect anonymous access restriction
  - debian/patches/CVE-2015-3184.patch: use force_authn() in Makefile.in,
    build/ac-macros/apache.m4, build/run_tests.py,
    subversion/mod_authz_svn/mod_authz_svn.c,
    subversion/tests/cmdline/README,
    subversion/tests/cmdline/davautocheck.sh,
    subversion/tests/cmdline/mod_authz_svn_tests.py,
    subversion/tests/cmdline/svntest/main.py, win-tests.py.
  - CVE-2015-3184
* SECURITY UPDATE: sensitive path information disclosure
  - debian/patches/CVE-2015-3187.patch: fix order in
    subversion/libsvn_repos/rev_hunt.c, added tests to
    subversion/tests/cmdline/authz_tests.py,
    subversion/tests/libsvn_repos/repos-test.c.
  - CVE-2015-3187
* debian/control: Depend on specific version of apache2-dev and
  apache2-bin to make sure fix for CVE-2015-3185 is included.

lp:ubuntu/trusty-updates/subversion 2 Mature 2015-08-19 14:32:44 UTC
82. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-08-19 14:32:44 UTC

* SECURITY UPDATE: denial of service via non-existing REPORT request
  - debian/patches/CVE-2014-3580.patch: make sure repo patchs are
    specified in subversion/mod_dav_svn/reports/deleted-rev.c,
    subversion/mod_dav_svn/reports/file-revs.c,
    subversion/mod_dav_svn/reports/get-location-segments.c,
    subversion/mod_dav_svn/reports/get-locations.c,
    subversion/mod_dav_svn/reports/inherited-props.c,
    subversion/mod_dav_svn/reports/log.c,
    subversion/mod_dav_svn/reports/mergeinfo.c.
  - CVE-2014-3580
* SECURITY UPDATE: denial of service via non-existing virtual transaction
  name
  - debian/patches/CVE-2014-8108.patch: check transaction names and
    activity ids in subversion/mod_dav_svn/repos.c.
  - CVE-2014-8108
* SECURITY UPDATE: denial of service via large number of REPORT requests
  - debian/patches/CVE-2015-0202.patch: refactor locking in
    subversion/libsvn_fs_fs/tree.c.
  - CVE-2015-0202
* SECURITY UPDATE: denial of service via crafted parameter combinations
  - debian/patches/CVE-2015-0248.patch: properly handle missing revision
    numbers in subversion/mod_dav_svn/reports/get-location-segments.c,
    subversion/svnserve/serve.c.
  - CVE-2015-0248
* SECURITY UPDATE: svn:author property spoofing issue
  - debian/patches/CVE-2015-0251.patch: restrict svn:author modifications
    in subversion/mod_dav_svn/deadprops.c.
  - CVE-2015-0251
* SECURITY UPDATE: incorrect anonymous access restriction
  - debian/patches/CVE-2015-3184.patch: use force_authn() in Makefile.in,
    build/ac-macros/apache.m4, build/run_tests.py,
    subversion/mod_authz_svn/mod_authz_svn.c,
    subversion/tests/cmdline/README,
    subversion/tests/cmdline/davautocheck.sh,
    subversion/tests/cmdline/mod_authz_svn_tests.py,
    subversion/tests/cmdline/svntest/main.py, win-tests.py.
  - CVE-2015-3184
* SECURITY UPDATE: sensitive path information disclosure
  - debian/patches/CVE-2015-3187.patch: fix order in
    subversion/libsvn_repos/rev_hunt.c, added tests to
    subversion/tests/cmdline/authz_tests.py,
    subversion/tests/libsvn_repos/repos-test.c.
  - CVE-2015-3187
* debian/control: Depend on specific version of apache2-dev and
  apache2-bin to make sure fix for CVE-2015-3185 is included.

lp:ubuntu/trusty-proposed/subversion bug 1 Development 2014-02-24 11:05:59 UTC
80. Run the tests on powerpc again.

Author: Matthias Klose
Revision Date: 2014-02-24 11:05:59 UTC

Run the tests on powerpc again.

14 of 4 results