Fedora 10 Subversion 1.6.4-2 Critical: Heap Overflow Risk Mitigated

August 10, 2009
Subversion 1.6.4-2.fc10 resolves several memory corruption issues, improving reliability and protection in Fedora.

Summary

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS.

Update Information:

This update includes the latest stable release of Subversion, including several enhancements, many bug fixes, and a fix for a security issue:

Matt Lewis reported multiple heap overflow flaws in Subversion (servers and clients) when parsing binary deltas. Malicious users with commit access to a vulnerable server could use these flaws to cause a heap overflow on the server running Subversion. A malicious Subversion server could use these flaws to cause a heap overflow on vulnerable clients when they attempt to check out or update, resulting in a crash or, possibly, arbitrary code execution on the vulnerable client. (CVE-2009-2411)

Version 1.6 offers many bug fixes and enhancements over 1.5, with the notable major features:

- identical files share storage space in repository
- file-externals support for intra-repository files
- "tree" conflicts now handled more gracefully
- repository root relative URL support on most commands

For more information on changes in 1.6, see ...
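The bug filed for CVE-2009-2411 labels the flaw an integer overflow, and the text above describes the result as a heap overflow while parsing binary deltas. The following added example (not Subversion's code or its actual fix) shows how a wrapped length sum undersizes a heap buffer and how bounds checks before allocation prevent it; the window layout, `MAX_LEN` and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified delta window (NOT Subversion's svndiff format):
 * 4-byte big-endian src_len, 4-byte big-endian new_len, then new data. */
#define MAX_LEN (100u * 1024u) /* assumed cap on each length field */

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked size, for comparison only: the 32-bit sum wraps, so a buffer
 * sized from it is smaller than the data later copied into it. */
uint32_t unchecked_size(uint32_t src_len, uint32_t new_len) {
    return src_len + new_len;
}

/* Checked size: 0 on success, -1 if either length exceeds the cap.
 * With both lengths <= MAX_LEN the sum cannot wrap. */
int checked_size(uint32_t src_len, uint32_t new_len, size_t *out) {
    if (src_len > MAX_LEN || new_len > MAX_LEN) return -1;
    *out = (size_t)src_len + (size_t)new_len;
    return 0;
}

/* Build target = first src_len bytes of src, then the window's new data.
 * Returns a malloc'd buffer, or NULL if the window is malformed. */
unsigned char *apply_window(const unsigned char *win, size_t win_len,
                            const unsigned char *src, size_t src_avail,
                            size_t *out_len) {
    if (win_len < 8) return NULL;                 /* header incomplete */
    uint32_t src_len = be32(win), new_len = be32(win + 4);
    size_t total;
    if (checked_size(src_len, new_len, &total) != 0) return NULL;
    if (src_len > src_avail || new_len > win_len - 8) return NULL;
    unsigned char *buf = malloc(total ? total : 1);
    if (!buf) return NULL;
    memcpy(buf, src, src_len);                    /* bounded by src_avail */
    memcpy(buf + src_len, win + 8, new_len);      /* bounded by win_len */
    *out_len = total;
    return buf;
}
```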

Change Log

* Fri Aug 7 2009 Joe Orton 1.6.4-2
- update to 1.6.4
* Thu May 28 2009 Joe Orton 1.6.2-2.fc10
- update to 1.6.2 (#500933, #469524)
* Fri Jan 30 2009 Joe Orton 1.5.5-4.fc10
- rebuild

References

[1] Bug #514744 - CVE-2009-2411 subversion: integer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=514744

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update subversion' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity: critical

Name: subversion
Product: Fedora 10
Version: 1.6.4
Release: 2.fc10
URL:
Summary: A Modern Concurrent Version Control System
