[ubuntu/wily-proposed] subversion 1.8.13-1ubuntu2 (Accepted)

Wed Aug 19 18:29:16 UTC 2015

subversion (1.8.13-1ubuntu2) wily; urgency=medium

  * SECURITY UPDATE: incorrect anonymous access restriction
    - debian/patches/CVE-2015-3184.patch: use force_authn() in Makefile.in,
      build/ac-macros/apache.m4, build/run_tests.py,
      subversion/mod_authz_svn/mod_authz_svn.c,
      subversion/tests/cmdline/README,
      subversion/tests/cmdline/davautocheck.sh,
      subversion/tests/cmdline/mod_authz_svn_tests.py,
      subversion/tests/cmdline/svntest/main.py, win-tests.py.
    - CVE-2015-3184
  * SECURITY UPDATE: sensitive path information disclosure
    - debian/patches/CVE-2015-3187.patch: fix order in
      subversion/libsvn_repos/rev_hunt.c, added tests to
      subversion/tests/cmdline/authz_tests.py,
      subversion/tests/libsvn_repos/repos-test.c.
    - CVE-2015-3187
  * debian/control: Depend on specific version of apache2-dev and
    apache2-bin to make sure fix for CVE-2015-3185 is included.

Date: Wed, 19 Aug 2015 11:20:08 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/subversion/1.8.13-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Aug 2015 11:20:08 -0400
Source: subversion
Binary: subversion subversion-dbg libsvn1 libsvn-dev libsvn-doc libapache2-mod-svn libapache2-svn python-subversion python-subversion-dbg subversion-tools libsvn-java libsvn-perl ruby-svn libsvn-ruby1.8
Architecture: source
Version: 1.8.13-1ubuntu2
Distribution: wily
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libapache2-mod-svn - Apache Subversion server modules for Apache httpd
 libapache2-svn - Apache Subversion server modules for Apache httpd (dummy package)
 libsvn-dev - Development files for Apache Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Apache Subversion
 libsvn-perl - Perl bindings for Apache Subversion
 libsvn-ruby1.8 - Ruby bindings for Apache Subversion (dummy package)
 libsvn1    - Shared libraries used by Apache Subversion
 python-subversion - Python bindings for Apache Subversion
 python-subversion-dbg - Python bindings for Subversion (debug extension)
 ruby-svn   - Ruby bindings for Apache Subversion
 subversion - Advanced version control system
 subversion-dbg - Debug symbols for Apache Subversion
 subversion-tools - Assorted tools related to Apache Subversion
Changes:
 subversion (1.8.13-1ubuntu2) wily; urgency=medium
 .
   * SECURITY UPDATE: incorrect anonymous access restriction
     - debian/patches/CVE-2015-3184.patch: use force_authn() in Makefile.in,
       build/ac-macros/apache.m4, build/run_tests.py,
       subversion/mod_authz_svn/mod_authz_svn.c,
       subversion/tests/cmdline/README,
       subversion/tests/cmdline/davautocheck.sh,
       subversion/tests/cmdline/mod_authz_svn_tests.py,
       subversion/tests/cmdline/svntest/main.py, win-tests.py.
     - CVE-2015-3184
   * SECURITY UPDATE: sensitive path information disclosure
     - debian/patches/CVE-2015-3187.patch: fix order in
       subversion/libsvn_repos/rev_hunt.c, added tests to
       subversion/tests/cmdline/authz_tests.py,
       subversion/tests/libsvn_repos/repos-test.c.
     - CVE-2015-3187
   * debian/control: Depend on specific version of apache2-dev and
     apache2-bin to make sure fix for CVE-2015-3185 is included.
Checksums-Sha1:
 dfb1510d00e00addaa9992689980b8fb6f734acf 3191 subversion_1.8.13-1ubuntu2.dsc
 5acd01dadd58e25e203ac05ef5263897d182b2af 293417 subversion_1.8.13-1ubuntu2.diff.gz
Checksums-Sha256:
 7ed29f9d6c2617fce73e5a28b6b7b8045f4a0a40c44f1bc3f84bb3a6940d2cde 3191 subversion_1.8.13-1ubuntu2.dsc
 8689702148d34f1d3dc0d53f97b765a53de7ea03481e0472a1d97de3742c1f34 293417 subversion_1.8.13-1ubuntu2.diff.gz
Files:
 8c2c281203e591f0516dc6c3677064ff 3191 vcs optional subversion_1.8.13-1ubuntu2.dsc
 7a6c6dcddded4113a4b0584ad0d0f222 293417 vcs optional subversion_1.8.13-1ubuntu2.diff.gz
Original-Maintainer: Peter Samuelson <peter at p12n.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJV1MhVAAoJEGVp2FWnRL6Tux4QAKIJj3uaG6ZNJEZ+zVLfFHzd
5z5WBjsMMDeYzvc1JzCz/sOGFgvUQVbrNq0NL73geGtNeunzxHHws8FQmqqDZ45l
MrquWICZiNrF5G36b8Hf2FeU1lvXd7Tuw1lca3gkyHGFQOeQINa+FuFaKlJt0Lhm
qfv0Lz1NGaciKP/h4L11Dm9FTVwqxUufZqBqOPQywBu9j0Vi5S4bIZmP393FDtNV
7ANaTn77FKoWn2YilBJsaghTZFX/Xlu/Pr0z9GU35IM7HrfatEztvWmvp0XkEfUQ
QlFKxqROi4kWH9a4GiD0bmmX25XrbCTm5eE1+E/h3iS/xT98MJZgH/vn9BMZOv95
15RPAcQVo1lFgGfavfzM3lDZq7X71Powcj9tWD/y/spjHLru2GYtCg7iLp2FzlVY
Em9pFOe9mS583gafOkhyvyjRgkHQkasVQQv2z33vqJovqXRrKn6+STXhEazmS+88
IxigXIjNSJnWIBKX6S6XQoE8b4xJJ8zlUglvJdodRwSb9jUU52WIlsL/OW4nLlhc
yNEg9BHnm08ATWsiRNa8Mcu3yYjRSwPi6I6TVtE59kHsvKxGyP0VSB09UtXqe9Ua
kKgijAJ2Q939sM51fGQ3tGmkk3TnpX/u63SGN69kUl9ziyP8btj8Dthu3gjtxGdX
difKbq/piq9AKpqNOh7m
=ARUc
-----END PGP SIGNATURE-----