Fedora 22: Security Advisory - Subversion Access Control Flaws

Subversion is a concurrent version control system which enables one

or more users to collaborate in developing and maintaining a

hierarchy of files and directories while keeping a history of all

changes. Subversion only stores the differences between versions,

instead of every complete file. Subversion is intended to be a

compelling replacement for CVS.

This update includes the latest stable release of _Apache Subversion 1.8_, version **1.8.15**. This update fixes two security issues: * **CVE-2015-3184**: Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. https://subversion.apache.org/security/CVE-2015-3184-advisory.txt * **CVE-2015-3187**: Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. https://subversion.apache.org/security/CVE-2015-3187-advisory.txt ### User- visible changes: #### Client-side bugfixes: * gpg-agent: fix crash with non- canonical $HOME * document svn:autoprops * cp: fix 'svn cp ^/A/D/H@1 ^/A' to properly create A * resolve: improve conflict prompts for binary files * ls: improve performance of '-v' on tag directories * improved Sqlite 3.8.9 query performance regression on externals * fixed [issue 4580](): 'svn -v st' on file externals reports ...