Fedora 28: subversion Security Update

    Date19 Feb 2019
    CategoryFedora
    87
    Posted ByLinuxSecurity Advisories
    This update includes the latest stable release of _Apache Subversion_, version **1.11.1**. This update fixes a security issue in **mod_dav_svn**, `CVE-2018-11803`: > Malicious SVN clients can trigger a crash in mod_dav_svn by omitting > the root path from a recursive directory listing request. See https://subversion.apache.org/security/CVE-2018-11803-advisory.txt for more
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2019-1f81367ac3
    2019-02-19 05:53:26.749975
    --------------------------------------------------------------------------------
    
    Name        : subversion
    Product     : Fedora 28
    Version     : 1.11.1
    Release     : 1.fc28
    URL         : https://subversion.apache.org/
    Summary     : A Modern Concurrent Version Control System
    Description :
    Subversion is a concurrent version control system which enables one
    or more users to collaborate in developing and maintaining a
    hierarchy of files and directories while keeping a history of all
    changes.  Subversion only stores the differences between versions,
    instead of every complete file.  Subversion is intended to be a
    compelling replacement for CVS.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    This update includes the latest stable release of _Apache Subversion_, version
    **1.11.1**.  This update fixes a security issue in **mod_dav_svn**,
    `CVE-2018-11803`:  > Malicious SVN clients can trigger a crash in mod_dav_svn by
    omitting > the root path from a recursive directory listing request.  See
    https://subversion.apache.org/security/CVE-2018-11803-advisory.txt for more
    information.  ### User-visible changes: #### Minor new features and
    improvements: * Conflict resolver support for added vs unversioned file  *
    Conflict resolver support for unversioned directories  * Improve help for 'svn
    add' and the '-N' option  * Improve display of Mac OS name in 'svn --version
    --verbose'  #### Client-side bugfixes: * Fix: repos-to-WC copy with --parents
    doesn't create dirs ([issue
    4768](https://issues.apache.org/jira/browse/SVN-4768)) * Fix: foreign repo copy
    with peg/operative revisions ([issue
    4785](https://issues.apache.org/jira/browse/SVN-4785)) * Fix: foreign repo copy
    of file adding mergeinfo ([issue
    4792](https://issues.apache.org/jira/browse/SVN-4792)) * Fix: assertion failure
    using -rPREV on a working copy at r0 ([issue
    4532](https://issues.apache.org/jira/browse/SVN-4532)) * Fix: tree conflict
    message ends a sentence with a colon ([issue
    4717](https://issues.apache.org/jira/browse/SVN-4717)) #### Server-side
    bugfixes: * Fix: unexpected SVN_ERR_FS_NOT_DIRECTORY errors ([issue
    4791](https://issues.apache.org/jira/browse/SVN-4791)) * Fix: mod_dav_svn's
    SVNUseUTF8 had no effect in some setups  * Fix crash in mod_http2 ([issue
    4782](https://issues.apache.org/jira/browse/SVN-4782)) #### Other tool
    improvements and bugfixes: * svndumpfilter: Clarify error messages by including
    node path  #### Bindings bugfixes: * JavaHL: Fix crash in client code when using
    external diff  ### Developer-visible changes: #### General: * Fix build on
    systems without python in $PATH  * Fix compiler warnings about indentation
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Fri Jan 11 2019 Joe Orton  - 1.11.1-1
    - update to 1.11.1
    * Wed Oct 31 2018 Joe Orton  - 1.11.0-1
    - update to 1.11.0
    * Thu Oct 11 2018 Joe Orton  - 1.10.3-1
    - update to 1.10.3
    * Fri Jul 20 2018 Joe Orton  - 1.10.2-1
    - update to 1.10.2 (#1603197)
    * Sat Jul 14 2018 Fedora Release Engineering  - 1.10.0-10
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
    * Fri Jun 29 2018 Jitka Plesnikova  - 1.10.0-9
    - Perl 5.28 rebuild
    * Thu Jun 28 2018 Joe Orton  - 1.10.0-8
    - fix test suite invocation
    * Thu Jun 28 2018 Joe Orton  - 1.10.0-7
    - switch build conditional to disable only python bindings
    * Thu May  3 2018 Joe Orton  - 1.10.0-6
    - really disable Berkeley DB support if required by bcond
    - add build conditional to disable swig binding subpackages
    * Tue May  1 2018 Joe Orton  - 1.10.0-5
    - remove build and -devel deps on libgnome-keyring-devel
    * Tue May  1 2018 Joe Orton  - 1.10.0-4
    - drop -devel dep on libserf-devel
    * Tue Apr 24 2018 Joe Orton  - 1.10.0-3
    - add bdb, tests as build conditional
    * Tue Apr 17 2018 Joe Orton  - 1.10.0-2
    - move new tools to -tools
    * Mon Apr 16 2018 Joe Orton  - 1.10.0-1
    - update to 1.10.0 (#1566493)
    * Tue Mar 27 2018 Joe Orton  - 1.9.7-7
    - add build conditionals for python2, python3 and kwallet
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1668807 - CVE-2018-11803 subversion: malicious SVN clients can crash mod_dav_svn
            https://bugzilla.redhat.com/show_bug.cgi?id=1668807
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2019-1f81367ac3' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    In your opinion, what is the biggest advantage associated with choosing open-source software/products?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote
    8
    radio
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.