Auditorías de Seguridad de Red / Evaluación de vulnerabilidades de SecuritySpace

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16148
2010-10-12 02:35:11
--------------------------------------------------------------------------------

Name        : subversion
Product     : Fedora 14
Version     : 1.6.13
Release     : 1.fc14
URL         : http://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

--------------------------------------------------------------------------------
Update Information:

This update includes the latest stable release of Subversion, version 1.6.13.

Subversion servers up to 1.6.12 (inclusive) making use of the
"SVNPathAuthz short_circuit" mod_dav_svn configuration setting have
a bug which may allow users to write and/or read portions of the
repository to which they are not intended to have access.  This issue is fixed in this update.

See http://subversion.apache.org/security/CVE-2010-3315-advisory.txt for further details

A number of bug fixes are also included:

* don't drop properties during foreign-repo merges
* improve auto-props failure error message
* improve error message for 403 status with ra_neon
* don't allow 'merge --reintegrate' for 2-url merges
* improve handling of missing fsfs.conf during hotcopy
* escape unsafe characters in a URL during export
* don't leak stale locks in FSFS
* better detect broken working copies during update over ra_neon
* fsfs: make rev files read-only
* properly canonicalize a URL
* fix wc corruption with 'commit --depth=empty'
* permissions fixes when doing reintegrate merges
* fix mergeinfo miscalculation during 2-url merges
* fix error transmission problems in svnserve
* fixed: record-only merges create self-referential mergeinfo
* make 'svnmucc propset' handle existing and non-existing URLs
* add new 'propsetf' subcommand to svnmucc
* emit a warning about copied dirs during ci with limited depth

--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct  5 2010 Joe Orton <jorton@redhat.com> - 1.6.13-1
- update to 1.6.13
* Tue Sep  7 2010 Joe Orton <jorton@redhat.com> - 1.6.12-5
- add svnserve init script
- split out -libs subpackage
* Fri Sep  3 2010 Joe Orton <jorton@redhat.com> - 1.6.12-4
- restore PIE support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #640317 - CVE-2010-3315 Subversion: Access restriction bypass by checkout of the root of the repository
        https://bugzilla.redhat.com/show_bug.cgi?id=640317
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce