--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2022-2af658b090
2022-07-15 01:15:23.604948
--------------------------------------------------------------------------------Name        : subversion
Product     : Fedora 36
Version     : 1.14.2
Release     : 5.fc36
URL         : https://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

--------------------------------------------------------------------------------Update Information:

This update includes the latest stable release of _Apache Subversion_, version
**1.14.2**. This update addresses two security issues, `CVE-2021-28544` and
`CVE-2022-24070`.   For more information see
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt and
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt  ### Client-side bugfixes: * Don't show unreadable copyfrom paths in 'svn log -v'   * Fix -r
option documentation for some svnadmin subcommands  * Fix error message encoding
when system() call fails  * Fix assertion failure in conflict resolver  ###
Client-side improvements and bugfixes: * Support multiple working copy formats
(1.8-onward, 1.15) ### Server-side bugfixes: * Fix use-after-free of object-pools when running in httpd (issue
[SVN-4880](https://issues.apache.org/jira/browse/SVN-4880))
--------------------------------------------------------------------------------ChangeLog:

* Tue Jul  5 2022 Joe Orton  - 1.14.2-5
- disable libmagic during test runs
* Tue Jul  5 2022 Joe Orton  - 1.14.2-4
- update for new Java arches and bump to JDK 17 (#2103909)
* Mon Jun 13 2022 Python Maint  - 1.14.2-3
- Rebuilt for Python 3.11
* Tue May 31 2022 Jitka Plesnikova  - 1.14.2-2
- Perl 5.36 rebuild
* Wed May  4 2022 Joe Orton  - 1.14.2-1
- update to 1.14.2 (#2073852, CVE-2021-28544, CVE-2022-24070)
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #2074772 - CVE-2022-24070 subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=2074772
  [ 2 ] Bug #2074780 - CVE-2021-28544 subversion: SVN authz protected copyfrom paths regression
        https://bugzilla.redhat.com/show_bug.cgi?id=2074780
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-2af658b090' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 36: subversion 2022-2af658b090

July 14, 2022
This update includes the latest stable release of _Apache Subversion_, version **1.14.2**

Summary

Subversion is a concurrent version control system which enables one

or more users to collaborate in developing and maintaining a

hierarchy of files and directories while keeping a history of all

changes. Subversion only stores the differences between versions,

instead of every complete file. Subversion is intended to be a

compelling replacement for CVS.

This update includes the latest stable release of _Apache Subversion_, version

**1.14.2**. This update addresses two security issues, `CVE-2021-28544` and

`CVE-2022-24070`. For more information see

https://subversion.apache.org/security/CVE-2022-24070-advisory.txt and

https://subversion.apache.org/security/CVE-2021-28544-advisory.txt ### Client-side bugfixes: * Don't show unreadable copyfrom paths in 'svn log -v' * Fix -r

option documentation for some svnadmin subcommands * Fix error message encoding

when system() call fails * Fix assertion failure in conflict resolver ###

Client-side improvements and bugfixes: * Support multiple working copy formats

(1.8-onward, 1.15) ### Server-side bugfixes: * Fix use-after-free of object-pools when running in httpd (issue

[SVN-4880](https://issues.apache.org/jira/browse/SVN-4880))

* Tue Jul 5 2022 Joe Orton - 1.14.2-5

- disable libmagic during test runs

* Tue Jul 5 2022 Joe Orton - 1.14.2-4

- update for new Java arches and bump to JDK 17 (#2103909)

* Mon Jun 13 2022 Python Maint - 1.14.2-3

- Rebuilt for Python 3.11

* Tue May 31 2022 Jitka Plesnikova - 1.14.2-2

- Perl 5.36 rebuild

* Wed May 4 2022 Joe Orton - 1.14.2-1

- update to 1.14.2 (#2073852, CVE-2021-28544, CVE-2022-24070)

[ 1 ] Bug #2074772 - CVE-2022-24070 subversion: Subversion's mod_dav_svn is vulnerable to memory corruption

https://bugzilla.redhat.com/show_bug.cgi?id=2074772

[ 2 ] Bug #2074780 - CVE-2021-28544 subversion: SVN authz protected copyfrom paths regression

https://bugzilla.redhat.com/show_bug.cgi?id=2074780

su -c 'dnf upgrade --advisory FEDORA-2022-2af658b090' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

FEDORA-2022-2af658b090 2022-07-15 01:15:23.604948 Product : Fedora 36 Version : 1.14.2 Release : 5.fc36 URL : https://subversion.apache.org/ Summary : A Modern Concurrent Version Control System Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. This update includes the latest stable release of _Apache Subversion_, version **1.14.2**. This update addresses two security issues, `CVE-2021-28544` and `CVE-2022-24070`. For more information see https://subversion.apache.org/security/CVE-2022-24070-advisory.txt and https://subversion.apache.org/security/CVE-2021-28544-advisory.txt ### Client-side bugfixes: * Don't show unreadable copyfrom paths in 'svn log -v' * Fix -r option documentation for some svnadmin subcommands * Fix error message encoding when system() call fails * Fix assertion failure in conflict resolver ### Client-side improvements and bugfixes: * Support multiple working copy formats (1.8-onward, 1.15) ### Server-side bugfixes: * Fix use-after-free of object-pools when running in httpd (issue [SVN-4880](https://issues.apache.org/jira/browse/SVN-4880)) * Tue Jul 5 2022 Joe Orton - 1.14.2-5 - disable libmagic during test runs * Tue Jul 5 2022 Joe Orton - 1.14.2-4 - update for new Java arches and bump to JDK 17 (#2103909) * Mon Jun 13 2022 Python Maint - 1.14.2-3 - Rebuilt for Python 3.11 * Tue May 31 2022 Jitka Plesnikova - 1.14.2-2 - Perl 5.36 rebuild * Wed May 4 2022 Joe Orton - 1.14.2-1 - update to 1.14.2 (#2073852, CVE-2021-28544, CVE-2022-24070) [ 1 ] Bug #2074772 - CVE-2022-24070 subversion: Subversion's mod_dav_svn is vulnerable to memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=2074772 [ 2 ] Bug #2074780 - CVE-2021-28544 subversion: SVN authz protected copyfrom paths regression https://bugzilla.redhat.com/show_bug.cgi?id=2074780 su -c 'dnf upgrade --advisory FEDORA-2022-2af658b090' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Change Log

References

Update Instructions

Severity
Product : Fedora 36
Version : 1.14.2
Release : 5.fc36
URL : https://subversion.apache.org/
Summary : A Modern Concurrent Version Control System

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo