From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Apr 5 05:20:00 2013 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id B640E7F8 for ; Fri, 5 Apr 2013 05:20:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 9D08912D for ; Fri, 5 Apr 2013 05:20:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r355K0C8072000 for ; Fri, 5 Apr 2013 05:20:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r355K0w8071999; Fri, 5 Apr 2013 05:20:00 GMT (envelope-from gnats) Resent-Date: Fri, 5 Apr 2013 05:20:00 GMT Resent-Message-Id: <201304050520.r355K0w8071999@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Olli Hauer Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 71AC77BB; Fri, 5 Apr 2013 05:15:09 +0000 (UTC) (envelope-from ohauer@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 4CB4E116; Fri, 5 Apr 2013 05:15:09 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r355F90A071932; Fri, 5 Apr 2013 05:15:09 GMT (envelope-from ohauer@freefall.freebsd.org) Received: (from ohauer@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r355F9SB071931; Fri, 5 Apr 2013 05:15:09 GMT (envelope-from ohauer) Message-Id: <201304050515.r355F9SB071931@freefall.freebsd.org> Date: Fri, 5 Apr 2013 05:15:09 GMT From: Olli Hauer To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: ports/177646: [patch] devel/subversion security update Cc: lev@FreeBSD.org X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Olli Hauer List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Apr 2013 05:20:00 -0000 >Number: 177646 >Category: ports >Synopsis: [patch] devel/subversion security update >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Apr 05 05:20:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Olli Hauer >Release: FreeBSD 8.3-RELEASE-p3 amd64 >Organization: >Environment: >Description: This release addesses five security issues: CVE-2013-1845: mod_dav_svn excessive memory usage from property changes CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT request More information on these vulnerabilities, including the relevent advisories and potential attack vectors and workarounds, can be found on the Subversion security website: http://subversion.apache.org/security/ >How-To-Repeat: >Fix: --- subversion.diff begins here --- Index: subversion/Makefile.common =================================================================== --- subversion/Makefile.common (revision 315729) +++ subversion/Makefile.common (working copy) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= subversion -PORTVERSION= 1.7.8 +PORTVERSION= 1.7.9 PORTREVISION?= 0 CATEGORIES+= devel MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:main/} \ Index: subversion/distinfo =================================================================== --- subversion/distinfo (revision 315729) +++ subversion/distinfo (working copy) @@ -1,5 +1,5 @@ -SHA256 (subversion17/subversion-1.7.8.tar.bz2) = fc83d4d98ccea8b7bfa8f5c20fff545c8baa7d035db930977550c51c6ca23686 -SIZE (subversion17/subversion-1.7.8.tar.bz2) = 6023912 +SHA256 (subversion17/subversion-1.7.9.tar.bz2) = f8454c585f99afed764232a5048d9b8bfd0a25a9ab8e339ea69fe1204c453ef4 +SIZE (subversion17/subversion-1.7.9.tar.bz2) = 6040347 SHA256 (subversion17/svn-book-html-r4304.tar.bz2) = a63d958b1ae70daf2ac93a53ece70a0ba0f8f7de7af3f74a665fe44b8f50ca14 SIZE (subversion17/svn-book-html-r4304.tar.bz2) = 467806 SHA256 (subversion17/svn-book-r4304.pdf) = 1b2cada79db8268fd6cd55fac4e5ee04c1e2977bbc587fa1098bd3613b9689b2 --- subversion.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: