Consonant with the Subversion 1.8.3 and 1.7.13 releases, I've updated my
github published packages for building them locally on RHEL 6.x. They're at:
https://github.com/nkadel/subversion-1.7.x-srpm
https://github.com/nkadel/subverison-1.8.x-srpm
They're tested and running on some CentOS and Scientific Linux environments
I use, with updated versions of get-deps.sh in the git repository and some
Fedora 19 patches applied for consistency with RHEL environments. For those
of you who need these up to date versions RHEL 6, enjoy!
On Fri, Aug 30, 2013 at 11:58 AM, Ben Reser <breser_at_apache.org> wrote:
> On 8/30/13 8:34 AM, Ben Reser wrote:
> > I'm happy to announce the release of Apache Subversion 1.8.3.
> >
> > Please note that Subversion 1.8.3 is the next release after Subversion
> 1.8.1.
> > The 1.8.2 release was not published publicly, due to issues found
> > during testing.
> >
> > Please choose the mirror closest to you by visiting:
> >
> > http://subversion.apache.org/download/#recommended-release
> >
> > This release addresses three security issues:
> > CVE-2013-4246: fsfs: corruption from editing packed revision
> properties
> > CVE-2013-4262: admin-side tools: symlink attack against pid file
> > CVE-2013-4246: svnserve: symlink attack against pid file
> >
> > More information on these vulnerabilities, including the relevant
> > advisories and potential attack vectors and workarounds, can be found
> > on the Subversion security website:
> > http://subversion.apache.org/security/
>
> CVE-2013-4246 was inadvertantly used twice in this announcement. The
> corrent
> list of security issues follows:
> CVE-2013-4246: fsfs: corruption from editing packed revision
> properties
> CVE-2013-4262: admin-side tools: symlink attack against pid file
> CVE-2013-4277: svnserve: symlink attack against pid file
>
>
>
Received on 2013-09-04 05:22:43 CEST