Apache Subversion 1.8.13 released

From: Stefan Sperling <stsp_at_apache.org>
Date: Tue, 31 Mar 2015 14:02:20 +0200

I'm happy to announce the release of Apache Subversion 1.8.13.

This release addresses 3 security issues.

  CVE-2015-0202: Subversion HTTP servers with FSFS repositories are
                 vulnerable to a remotely triggerable excessive memory
                 use with certain REPORT requests.
  CVE-2015-0248: Subversion mod_dav_svn and svnserve are vulnerable to a
                 remotely triggerable assertion DoS vulnerability for certain
                 requests with dynamically evaluated revision numbers
  CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author property
                 values for new revisions

For details see the advisories at:

    http://subversion.apache.org/security/CVE-2015-0202-advisory.txt
    http://subversion.apache.org/security/CVE-2015-0248-advisory.txt
    http://subversion.apache.org/security/CVE-2015-0251-advisory.txt

Please choose the mirror closest to you by visiting:

http://subversion.apache.org/download/#recommended-release

The SHA1 checksums are:

    aa0bd14ac6a8f0fb178cc9ff325387de01cd7452 subversion-1.8.13.tar.bz2
    a8ac829dd0d575461424fbd2335820f9d094c379 subversion-1.8.13.zip
    437cf662b7ed27d2254aa7ca334fdd74b49262ef subversion-1.8.13.tar.gz

PGP Signatures are available at:

    http://www.apache.org/dist/subversion/subversion-1.8.13.tar.bz2.asc
    http://www.apache.org/dist/subversion/subversion-1.8.13.tar.gz.asc
    http://www.apache.org/dist/subversion/subversion-1.8.13.zip.asc

For this release, the following people have provided PGP signatures:

   Bert Huijben [4096R/CCC8E1DF] with fingerprint:
    3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF
   Branko Čibej [4096R/A347943F] with fingerprint:
    BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F
   Ivan Zhakov [4096R/F6AD8147] with fingerprint:
    4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147
   Johan Corveleyn [4096R/010C8AAD] with fingerprint:
    8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD
   Julian Foad [4096R/4EECC493] with fingerprint:
    6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493
   Philip Martin [2048R/ED1A599C] with fingerprint:
    A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
   Stefan Fuhrmann [4096R/57921ACC] with fingerprint:
    056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC
   Stefan Sperling [2048R/9A59B973] with fingerprint:
    8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973

Release notes for the 1.8.x release series may be found at:

http://subversion.apache.org/docs/release-notes/1.8.html

You can find the list of changes between 1.8.13 and earlier versions at:

http://svn.apache.org/repos/asf/subversion/tags/1.8.13/CHANGES

Questions, comments, and bug reports to users_at_subversion.apache.org.

Thanks,
- The Subversion Team
Received on 2015-03-31 14:03:57 CEST

This message: [ Message body ]
Next message: Stefan Sperling: "Apache Subversion 1.7.20 released"
Previous message: Julian Foad: "Re: [PATCH] On the 'ra-git' branch: update to libgit2 v0.22"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]