---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-1748
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1748
2005-02-23
---------------------------------------------------------------------
Name        : subversion
Versions    : rh9: subversion-0.27.0-4.legacy
Summary     : A Concurrent Versioning system similar to CVS.
Description :
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion also keeps a log of who made each change, when, and why.
As such it basically does the same thing as CVS (Concurrent Versioning System), but it has major enhancements compared to CVS and fixes a lot of the annoyances that CVS users face.
---------------------------------------------------------------------
Update Information:
Updated subversion packages that fix several security issues are now available.
Subversion is a concurrent version control system.
Subversion versions up to 1.0.2 contain a date parsing vulnerability which can be abused to allow remote code execution on Subversion servers and therefore could lead to a repository compromise. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0397 to this issue.
Subversion versions up to and including 1.0.4 have a potential Denial of Service and Heap Overflow issue related to the parsing of strings in the 'svn://' family of access protocols. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0413 to this issue.
Users of subversion are advised to upgrade to these errata packages, which contain backported patches correcting these issues.
---------------------------------------------------------------------
Changelogs
rh9:
* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0.27.0-4.legacy
- Added missing bison, byacc and libxml2-devel BuildPrereq
- Disable make_check
* Mon Jun 14 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0.27.0-3.legacy
- security patches for CAN-2004-0397 and CAN-2004-0413
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
rh9:
9d08a9754083238df10241291832f90892f25e8f redhat/9/updates-testing/i386/subversion-0.27.0-4.legacy.i386.rpm
68609fdd91802c5f3fb2f6d1a0fe9ba8e20ece39 redhat/9/updates-testing/i386/subversion-devel-0.27.0-4.legacy.i386.rpm
64c66197355f9424d18e62e589e4d377f4dd9b29 redhat/9/updates-testing/SRPMS/subversion-0.27.0-4.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
Attachment: signature.asc (Description: OpenPGP digital signature)
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
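
Added example, not part of the original notification: one way to check downloaded packages against the "sha1 path" lines in the sha1sums list above, matching files by basename and treating a missing file or an empty checksum list as a failure. The function name verify_manifest and its two arguments are hypothetical; it assumes GNU coreutils sha1sum and that the checksum lines were saved from a copy of this message whose OpenPGP signature has already been verified.

```sh
#!/bin/sh
# Added example (not from the advisory); verify_manifest is a hypothetical name.
# Usage: verify_manifest MANIFEST DIR
#   MANIFEST: text containing "<40-hex sha1> <relative/path/file.rpm>" lines,
#             e.g. the advisory body saved to a file.
#   DIR:      directory holding the downloaded packages.
# Returns 0 if every listed file matches, 1 on a missing or mismatching file,
# 2 if the manifest contains no checksum lines at all.
verify_manifest() {
    manifest=$1
    dir=$2
    rc=0
    seen=0
    while read -r want path rest || [ -n "$want" ]; do
        # Skip rule lines, "rh9:" labels, prose and blank lines.
        case $want in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#want}" -eq 40 ] && [ -n "$path" ] || continue
        seen=$((seen + 1))
        name=${path##*/}
        file=$dir/$name
        if [ ! -f "$file" ]; then
            echo "MISSING  $name"
            rc=1
            continue
        fi
        got=$(sha1sum < "$file" | cut -d' ' -f1)
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (computed $got)"
            rc=1
        fi
    done < "$manifest"
    # A manifest with no checksum lines must not be reported as success.
    if [ "$seen" -eq 0 ]; then
        echo "no checksum lines found in $manifest" >&2
        rc=2
    fi
    return "$rc"
}

# Run directly as: sh verify.sh advisory.txt /path/to/downloads
if [ "$#" -eq 2 ]; then verify_manifest "$1" "$2"; fi
```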