Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 5 Apr 2013 05:15:09 GMT
From:      Olli Hauer <ohauer@FreeBSD.org>
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        lev@FreeBSD.org
Subject:   ports/177646: [patch] devel/subversion security update
Message-ID:  <201304050515.r355F9SB071931@freefall.freebsd.org>
Resent-Message-ID: <201304050520.r355K0w8071999@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         177646
>Category:       ports
>Synopsis:       [patch] devel/subversion security update
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 05 05:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Olli Hauer
>Release:        FreeBSD 8.3-RELEASE-p3 amd64
>Organization:
>Environment:

>Description:
This release addesses five security issues:
    CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
    CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
    CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs
    CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs
    CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT request

More information on these vulnerabilities, including the relevent advisories
and potential attack vectors and workarounds, can be found on the Subversion
security website:
    http://subversion.apache.org/security/	

>How-To-Repeat:

>Fix:


--- subversion.diff begins here ---
Index: subversion/Makefile.common
===================================================================
--- subversion/Makefile.common	(revision 315729)
+++ subversion/Makefile.common	(working copy)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	subversion
-PORTVERSION=	1.7.8
+PORTVERSION=	1.7.9
 PORTREVISION?=	0
 CATEGORIES+=	devel
 MASTER_SITES=	${MASTER_SITE_APACHE:S/$/:main/} \
Index: subversion/distinfo
===================================================================
--- subversion/distinfo	(revision 315729)
+++ subversion/distinfo	(working copy)
@@ -1,5 +1,5 @@
-SHA256 (subversion17/subversion-1.7.8.tar.bz2) = fc83d4d98ccea8b7bfa8f5c20fff545c8baa7d035db930977550c51c6ca23686
-SIZE (subversion17/subversion-1.7.8.tar.bz2) = 6023912
+SHA256 (subversion17/subversion-1.7.9.tar.bz2) = f8454c585f99afed764232a5048d9b8bfd0a25a9ab8e339ea69fe1204c453ef4
+SIZE (subversion17/subversion-1.7.9.tar.bz2) = 6040347
 SHA256 (subversion17/svn-book-html-r4304.tar.bz2) = a63d958b1ae70daf2ac93a53ece70a0ba0f8f7de7af3f74a665fe44b8f50ca14
 SIZE (subversion17/svn-book-html-r4304.tar.bz2) = 467806
 SHA256 (subversion17/svn-book-r4304.pdf) = 1b2cada79db8268fd6cd55fac4e5ee04c1e2977bbc587fa1098bd3613b9689b2
--- subversion.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201304050515.r355F9SB071931>