ports/177646: [patch] devel/subversion security update

Olli Hauer ohauer at FreeBSD.org
Fri Apr 5 05:20:00 UTC 2013 

>Number:         177646
>Category:       ports
>Synopsis:       [patch] devel/subversion security update
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 05 05:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Olli Hauer
>Release:        FreeBSD 8.3-RELEASE-p3 amd64
>Organization:
>Environment:

>Description:
This release addesses five security issues:
    CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
    CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
    CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs
    CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs
    CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT request

More information on these vulnerabilities, including the relevent advisories
and potential attack vectors and workarounds, can be found on the Subversion
security website:
    http://subversion.apache.org/security/	

>How-To-Repeat:

>Fix:


--- subversion.diff begins here ---
Index: subversion/Makefile.common
===================================================================
--- subversion/Makefile.common	(revision 315729)
+++ subversion/Makefile.common	(working copy)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	subversion
-PORTVERSION=	1.7.8
+PORTVERSION=	1.7.9
 PORTREVISION?=	0
 CATEGORIES+=	devel
 MASTER_SITES=	${MASTER_SITE_APACHE:S/$/:main/} \
Index: subversion/distinfo
===================================================================
--- subversion/distinfo	(revision 315729)
+++ subversion/distinfo	(working copy)
@@ -1,5 +1,5 @@
-SHA256 (subversion17/subversion-1.7.8.tar.bz2) = fc83d4d98ccea8b7bfa8f5c20fff545c8baa7d035db930977550c51c6ca23686
-SIZE (subversion17/subversion-1.7.8.tar.bz2) = 6023912
+SHA256 (subversion17/subversion-1.7.9.tar.bz2) = f8454c585f99afed764232a5048d9b8bfd0a25a9ab8e339ea69fe1204c453ef4
+SIZE (subversion17/subversion-1.7.9.tar.bz2) = 6040347
 SHA256 (subversion17/svn-book-html-r4304.tar.bz2) = a63d958b1ae70daf2ac93a53ece70a0ba0f8f7de7af3f74a665fe44b8f50ca14
 SIZE (subversion17/svn-book-html-r4304.tar.bz2) = 467806
 SHA256 (subversion17/svn-book-r4304.pdf) = 1b2cada79db8268fd6cd55fac4e5ee04c1e2977bbc587fa1098bd3613b9689b2
--- subversion.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list