openSUSE Security Update : subversion (openSUSE-SU-2014:1725-1)
Medium Nessus Plugin ID 80299
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis Apache Subversion update fixes the following security and non security issues.
- Apache Subversion 1.8.11
- This release addresses two security issues: [boo#909935]
- CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests.
- CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names.
- Client-side bugfixes :
- checkout/update: fix file externals failing to follow history and subsequently silently failing
- patch: don't skip targets in valid --git difs
- diff: make property output in diffs stable
- diff: fix diff of local copied directory with props
- diff: fix changelist filter for repos-WC and WC-WC
- remove broken conflict resolver menu options that always error out
- improve gpg-agent support
- fix crash in eclipse IDE with GNOME Keyring
- fix externals shadowing a versioned directory
- fix problems working on unix file systems that don't support permissions
- upgrade: keep external registrations
- cleanup: iprove performance of recorded timestamp fixups
- translation updates for German
- Server-side bugfixes :
- disable revprop caching feature due to cache invalidation problems
- skip generating uniquifiers if rep-sharing is not supported
- mod_dav_svn: reject requests with missing repository paths
- mod_dav_svn: reject requests with invalid virtual transaction names
- mod_dav_svn: avoid unneeded memory growth in resource walking
SolutionUpdate the affected subversion packages.