ports/177648: [patch] devel/subversion security update
Olli Hauer
ohauer at FreeBSD.org
Fri Apr 5 06:00:00 UTC 2013
>Number: 177648
>Category: ports
>Synopsis: [patch] devel/subversion security update
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 05 06:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Olli Hauer
>Release: FreeBSD 8.3-RELEASE-p3 amd64
>Organization:
>Environment:
>Description:
This release addesses five security issues:
CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs
CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs
CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT request
More information on these vulnerabilities, including the relevent advisories
and potential attack vectors and workarounds, can be found on the Subversion
security website:
http://subversion.apache.org/security/
>How-To-Repeat:
>Fix:
--- subversion.diff begins here ---
Index: subversion/Makefile.common
===================================================================
--- subversion/Makefile.common (revision 315729)
+++ subversion/Makefile.common (working copy)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= subversion
-PORTVERSION= 1.7.8
+PORTVERSION= 1.7.9
PORTREVISION?= 0
CATEGORIES+= devel
MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:main/} \
Index: subversion/distinfo
===================================================================
--- subversion/distinfo (revision 315729)
+++ subversion/distinfo (working copy)
@@ -1,5 +1,5 @@
-SHA256 (subversion17/subversion-1.7.8.tar.bz2) = fc83d4d98ccea8b7bfa8f5c20fff545c8baa7d035db930977550c51c6ca23686
-SIZE (subversion17/subversion-1.7.8.tar.bz2) = 6023912
+SHA256 (subversion17/subversion-1.7.9.tar.bz2) = f8454c585f99afed764232a5048d9b8bfd0a25a9ab8e339ea69fe1204c453ef4
+SIZE (subversion17/subversion-1.7.9.tar.bz2) = 6040347
SHA256 (subversion17/svn-book-html-r4304.tar.bz2) = a63d958b1ae70daf2ac93a53ece70a0ba0f8f7de7af3f74a665fe44b8f50ca14
SIZE (subversion17/svn-book-html-r4304.tar.bz2) = 467806
SHA256 (subversion17/svn-book-r4304.pdf) = 1b2cada79db8268fd6cd55fac4e5ee04c1e2977bbc587fa1098bd3613b9689b2
--- subversion.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list