This is the mail archive of the
cygwin
mailing list for the Cygwin project.
[ANNOUNCEMENT] Updated: subversion-1.9.3-1
- From: David Rothenberger <daveroth at acm dot org>
- To: cygwin at cygwin dot com
- Date: Wed, 16 Dec 2015 12:19:12 -0800
- Subject: [ANNOUNCEMENT] Updated: subversion-1.9.3-1
- Authentication-results: sourceware.org; auth=none
- Authentication-results: sourceware.org; auth=none
- Reply-to: cygwin at cygwin dot com
SECURITY:
=========
This release fixes two security issues:
CVE-2015-5259:
Remotely triggerable heap overflow and out-of-bounds read caused
by integer overflow in the svn:// protocol parser.
http://subversion.apache.org/security/CVE-2015-5259-advisory.txt
CVE-2015-5343:
Remotely triggerable heap overflow and out-of-bounds read in
mod_dav_svn caused by integer overflow when parsing skel-encoded
request bodies.
http://subversion.apache.org/security/CVE-2015-5343-advisory.txt
NEWS:
=====
Please see the release notes
http://subversion.apache.org/docs/release-notes/1.9.html
for more details about the changes in Subversion.
See
http://svn.apache.org/repos/asf/subversion/tags/1.9.3/CHANGES
for more details about the changes in 1.9.3.
DESCRIPTION:
============
Subversion is a version control system designed to be a compelling
successor to CVS.
Please see
http://svnbook.red-bean.com/nightly/en/index.html
for the latest official release of the Subversion Book.
QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.
--
David Rothenberger ---- daveroth@acm.org
Cats, no less liquid than their shadows, offer no angles to the wind.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple