[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Apache Subversion 1.7.9 released

From: Ben Reser <ben_at_reser.org>
Date: Thu, 4 Apr 2013 13:56:29 -0700

I'm happy to announce the release of Apache Subversion 1.7.9.
Please choose the mirror closest to you by visiting:

    http://subversion.apache.org/download/?update=201304041700#recommended-release

This release addesses five security issues:
    CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
    CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
    CVE-2013-1847: mod_dav_svn crashes on LOCK requests against
non-existant URLs
    CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against
activity URLs
    CVE-2013-1884: mod_dav_svn crashes on out of range limit in log
REPORT request

More information on these vulnerabilities, including the relevent advisories
and potential attack vectors and workarounds, can be found on the Subversion
security website:
    http://subversion.apache.org/security/

The SHA1 checksums are:

    8be7bda6b6abb601885b3586dc2a9a5b29d034b0 subversion-1.7.9.zip
    1f0e23ea585accba98f0ca3bf9354343314caceb subversion-1.7.9.tar.gz
    453757bae78a800997559f2232483ab99238ec1e subversion-1.7.9.tar.bz2

PGP Signatures are available at:

    http://www.apache.org/dist/subversion/subversion-1.7.9.tar.bz2.asc
    http://www.apache.org/dist/subversion/subversion-1.7.9.tar.gz.asc
    http://www.apache.org/dist/subversion/subversion-1.7.9.zip.asc

For this release, the following people have provided PGP signatures:

   Ben Reser [4096R/16A0DE01] with fingerprint:
    19BB CAEF 7B19 B280 A0E2 175E 62D4 8FAD 16A0 DE01
   C. Michael Pilato [4096R/FE681333] with fingerprint:
    753B 2F9D F717 FA23 A43E E7C3 F5E0 F001 FE68 1333
   Ivan Zhakov [4096R/F6AD8147] with fingerprint:
    4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147
   Mark Phippard [1024D/035A96A9] with fingerprint:
    D315 89DB E1C1 E9BA D218 39FD 265D F8A0 035A 96A9
   Paul T. Burba [4096R/56F3D7BC] with fingerprint:
    1A0F E7C6 B3C5 F8D4 D0C4 A20B 64DD C071 56F3 D7BC
   Philip Martin [2048R/ED1A599C] with fingerprint:
    A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
   Stefan Sperling [2048R/9A59B973] with fingerprint:
    8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973

Release notes for the 1.7.x release series may be found at:

    http://subversion.apache.org/docs/release-notes/1.7.html

You can find the list of changes between 1.7.9 and earlier versions at:

    http://svn.apache.org/repos/asf/subversion/tags/1.7.9/CHANGES

Questions, comments, and bug reports to users_at_subversion.apache.org.

Thanks,
- The Subversion Team
Received on 2013-04-04 22:57:09 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.