This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update fixes the following issues with subversion :
- bnc#850747: update to 1.7.14
- CVE-2013-4505: mod_dontdothat does not restrict requests
from serf clients.
- CVE-2013-4558: mod_dav_svn assertion triggered by
+ Client- and server-side bugfixes :
- fix assertion on urls of the form 'file://./'
+ Client-side bugfixes :
- upgrade: fix an assertion when used with pre-1.3 wcs
- fix externals that point at redirected locations
- diff: fix incorrect calculation of changes in some cases
- diff: fix errors with added/deleted targets
+ Server-side bugfixes :
- mod_dav_svn: Prevent crashes with some 3rd party modules
- fix OOM on concurrent requests at threaded server start
- fsfs: limit commit time of files with deep change
- mod_dav_svn: canonicalize paths properly
+ Other tool improvements and bugfixes :
- mod_dontdothat: Fix the uri parser
+ Developer-visible changes :
- javahl: canonicalize path for streamFileContent method
+ require python-sqlite when running regression tests
See also :
Update the affected subversion packages.
Risk factor :
Low / CVSS Base Score : 3.5
CVSS Temporal Score : 3.0
Public Exploit Available : false