openSUSE Security Update : subversion (openSUSE-SU-2013:1836-1)
Low Nessus Plugin ID 75223
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update fixes the following issues with subversion (CVE-2013-4505,CVE-2013-4558) :
- bnc#850747: update to 1.8.5
- CVE-2013-4505: mod_dontdothat does not restrict requests from serf clients.
- CVE-2013-4558: mod_dav_svn assertion triggered by autoversioning commits.
+ Client-side bugfixes :
- fix externals that point at redirected locations
- diff: fix assertion with move inside a copy
+ Server-side bugfixes :
- mod_dav_svn: Prevent crashes with some 3rd party modules
- mod_dav_svn: canonicalize paths properly
- mod_authz_svn: fix crash of mod_authz_svn with invalid config
- hotcopy: fix hotcopy losing revprop files in packed repos
+ Other tool improvements and bugfixes :
- mod_dontdothat: Fix the uri parser
+ Developer-visible changes :
- fix compilation with '--enable-optimize' with clang
- add test to fail when built against broken ZLib
+ Bindings :
- ctypes-python: build with compiler selected via configure
- require python-sqlite when running regression tests for all targets, no longer pulled in implicitly
- print error logs on regression test failures
- fix regression tests for ppc/ppc64 architectures, found in openSUSE package build and fixed with upstream developers
- if running regression tests, also run them against bdb backend
- update keyring, use Subversion Project Management Committee keyring rather than all committers
SolutionUpdate the affected subversion packages.