Updated: subversion-1.9.3-1

David Rothenberger daveroth@acm.org
Wed Dec 16 20:22:00 GMT 2015


SECURITY:
=========
This release fixes two security issues:

    CVE-2015-5259:
    Remotely triggerable heap overflow and out-of-bounds read caused
    by integer overflow in the svn:// protocol parser.
    http://subversion.apache.org/security/CVE-2015-5259-advisory.txt

    CVE-2015-5343:
    Remotely triggerable heap overflow and out-of-bounds read in
    mod_dav_svn caused by integer overflow when parsing skel-encoded
    request bodies.
    http://subversion.apache.org/security/CVE-2015-5343-advisory.txt


NEWS:
=====
Please see the release notes

  http://subversion.apache.org/docs/release-notes/1.9.html

for more details about the changes in Subversion.

See

  http://svn.apache.org/repos/asf/subversion/tags/1.9.3/CHANGES

for more details about the changes in 1.9.3.


DESCRIPTION:
============
Subversion is a version control system designed to be a compelling
successor to CVS.

Please see

  http://svnbook.red-bean.com/nightly/en/index.html

for the latest official release of the Subversion Book.

QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

-- 
David Rothenberger  ----  daveroth@acm.org

Cats, no less liquid than their shadows, offer no angles to the wind.



More information about the Cygwin-announce mailing list