| Summary: | subversion new security issues CVE-2013-4505 and CVE-2013-4558 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, oe, sysadmin-bugs, tmb |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/575369/ | ||
| Whiteboard: | advisory MGA3-64-OK MGA3-32-OK | ||
| Source RPM: | subversion-1.7.13-1.mga3.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2013-11-26 17:14:27 CET
David Walser
2013-11-26 17:14:34 CET
Whiteboard: (none) => MGA3TOO

subversion-1.7.14-1.mga3 has been submitted. Someone has to submit subversion-1.8.5 in cauldron.

CC: (none) => oe

Thanks Oden! I sent a freeze push request for Cauldron.
David Walser
2013-11-26 20:07:56 CET
Blocks: (none) => 11726

Still waiting for the freeze push in Cauldron.

Packages uploaded for Mageia 3 updates_testing:

subversion-1.7.14-1.mga3
subversion-doc-1.7.14-1.mga3
libsvn0-1.7.14-1.mga3
libsvn-gnome-keyring0-1.7.14-1.mga3
libsvn-kwallet0-1.7.14-1.mga3
subversion-server-1.7.14-1.mga3
subversion-tools-1.7.14-1.mga3
python-svn-1.7.14-1.mga3
ruby-svn-1.7.14-1.mga3
libsvnjavahl1-1.7.14-1.mga3
svn-javahl-1.7.14-1.mga3
perl-SVN-1.7.14-1.mga3
subversion-kwallet-devel-1.7.14-1.mga3
subversion-gnome-keyring-devel-1.7.14-1.mga3
perl-svn-devel-1.7.14-1.mga3
python-svn-devel-1.7.14-1.mga3
ruby-svn-devel-1.7.14-1.mga3
subversion-devel-1.7.14-1.mga3
apache-mod_dav_svn-1.7.14-1.mga3

from subversion-1.7.14-1.mga3.src.rpm

subversion-1.8.5-1.mga4 uploaded for Cauldron.

Version: Cauldron => 3

Advisory:
========================

Updated subversion packages fix security vulnerabilities:

mod_dontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured by mod_dontdothat (CVE-2013-4505).

When SVNAutoversioning is enabled via "SVNAutoversioning on", commits can be made by single HTTP requests such as MKCOL and PUT. If Subversion is built with assertions enabled any such requests that have non-canonical URLs, such as URLs with a trailing /, may trigger an assert. An assert will cause the Apache process to abort (CVE-2013-4558).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4558
http://subversion.apache.org/security/CVE-2013-4505-advisory.txt
http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
https://mail-archives.apache.org/mod_mbox/subversion-dev/201311.mbox/%3C52937FE1.2030700@apache.org%3E
========================

Updated packages in core/updates_testing:
========================
subversion-1.7.14-1.mga3
subversion-doc-1.7.14-1.mga3
libsvn0-1.7.14-1.mga3
libsvn-gnome-keyring0-1.7.14-1.mga3
libsvn-kwallet0-1.7.14-1.mga3
subversion-server-1.7.14-1.mga3
subversion-tools-1.7.14-1.mga3
python-svn-1.7.14-1.mga3
ruby-svn-1.7.14-1.mga3
libsvnjavahl1-1.7.14-1.mga3
svn-javahl-1.7.14-1.mga3
perl-SVN-1.7.14-1.mga3
subversion-kwallet-devel-1.7.14-1.mga3
subversion-gnome-keyring-devel-1.7.14-1.mga3
perl-svn-devel-1.7.14-1.mga3
python-svn-devel-1.7.14-1.mga3
ruby-svn-devel-1.7.14-1.mga3
subversion-devel-1.7.14-1.mga3
apache-mod_dav_svn-1.7.14-1.mga3

from subversion-1.7.14-1.mga3.src.rpm

Assignee: bugsquad => qa-bugs

Advisory 11780.adv committed to svn

CC: (none) => davidwhodgins

Testing complete Mageia 3 i586 and x86_64.

Validating the update.

Someone from the sysadmin team, please push 11780.adv to updates.

Keywords: (none) => validated_update

Update pushed:
http://advisories.mageia.org/MGASA-2013-0360.html

Status: NEW => RESOLVED
David Walser
2013-12-02 16:47:02 CET
URL: (none) => http://lwn.net/Vulnerabilities/575369/