From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Apr 5 06:00:00 2013 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 9E5DADBF for ; Fri, 5 Apr 2013 06:00:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 85ED2241 for ; Fri, 5 Apr 2013 06:00:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r35600OR078627 for ; Fri, 5 Apr 2013 06:00:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r35600tM078626; Fri, 5 Apr 2013 06:00:00 GMT (envelope-from gnats) Resent-Date: Fri, 5 Apr 2013 06:00:00 GMT Resent-Message-Id: <201304050600.r35600tM078626@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Olli Hauer Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id DFC92A0B; Fri, 5 Apr 2013 05:51:32 +0000 (UTC) (envelope-from ohauer@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id BACF21EC; Fri, 5 Apr 2013 05:51:32 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r355pWGP078455; Fri, 5 Apr 2013 05:51:32 GMT (envelope-from ohauer@freefall.freebsd.org) Received: (from ohauer@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r355pWYW078454; Fri, 5 Apr 2013 05:51:32 GMT (envelope-from ohauer) Message-Id: <201304050551.r355pWYW078454@freefall.freebsd.org> Date: Fri, 5 Apr 2013 05:51:32 GMT From: Olli Hauer To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: ports/177648: [patch] devel/subversion security update Cc: lev@FreeBSD.org X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Olli Hauer List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Apr 2013 06:00:00 -0000 >Number: 177648 >Category: ports >Synopsis: [patch] devel/subversion security update >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Apr 05 06:00:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Olli Hauer >Release: FreeBSD 8.3-RELEASE-p3 amd64 >Organization: >Environment: >Description: This release addesses five security issues: CVE-2013-1845: mod_dav_svn excessive memory usage from property changes CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT request More information on these vulnerabilities, including the relevent advisories and potential attack vectors and workarounds, can be found on the Subversion security website: http://subversion.apache.org/security/ >How-To-Repeat: >Fix: --- subversion.diff begins here --- Index: subversion/Makefile.common =================================================================== --- subversion/Makefile.common (revision 315729) +++ subversion/Makefile.common (working copy) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= subversion -PORTVERSION= 1.7.8 +PORTVERSION= 1.7.9 PORTREVISION?= 0 CATEGORIES+= devel MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:main/} \ Index: subversion/distinfo =================================================================== --- subversion/distinfo (revision 315729) +++ subversion/distinfo (working copy) @@ -1,5 +1,5 @@ -SHA256 (subversion17/subversion-1.7.8.tar.bz2) = fc83d4d98ccea8b7bfa8f5c20fff545c8baa7d035db930977550c51c6ca23686 -SIZE (subversion17/subversion-1.7.8.tar.bz2) = 6023912 +SHA256 (subversion17/subversion-1.7.9.tar.bz2) = f8454c585f99afed764232a5048d9b8bfd0a25a9ab8e339ea69fe1204c453ef4 +SIZE (subversion17/subversion-1.7.9.tar.bz2) = 6040347 SHA256 (subversion17/svn-book-html-r4304.tar.bz2) = a63d958b1ae70daf2ac93a53ece70a0ba0f8f7de7af3f74a665fe44b8f50ca14 SIZE (subversion17/svn-book-html-r4304.tar.bz2) = 467806 SHA256 (subversion17/svn-book-r4304.pdf) = 1b2cada79db8268fd6cd55fac4e5ee04c1e2977bbc587fa1098bd3613b9689b2 --- subversion.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: