Debian Bug report logs -
#773263
subversion: CVE-2014-3580
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 16 Dec 2014 07:36:02 UTC
Severity: grave
Tags: patch, pending, security
Found in versions subversion/1.6.17dfsg-4, subversion/1.5.1dfsg1-5
Fixed in versions subversion/1.8.10-5, subversion/1.6.12dfsg-7+deb6u1, subversion/1.6.17dfsg-4+deb7u7
Done: James McCoy <jamessan@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Peter Samuelson <peter@p12n.org>:
Bug#773263; Package subversion.
(Tue, 16 Dec 2014 07:36:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Peter Samuelson <peter@p12n.org>.
(Tue, 16 Dec 2014 07:36:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: subversion
Version: 1.5.1dfsg1-5
Severity: grave
Tags: security
Hi,
please see
http://subversion.apache.org/security/CVE-2014-3580-advisory.txt for
further information.
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Peter Samuelson <peter@p12n.org>:
Bug#773263; Package subversion.
(Tue, 16 Dec 2014 08:06:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Peter Samuelson <peter@p12n.org>.
(Tue, 16 Dec 2014 08:06:05 GMT) (full text, mbox, link).
Message #10 received at 773263@bugs.debian.org (full text, mbox, reply):
Also http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
Cheers,
Moritz
Marked as found in versions subversion/1.6.17dfsg-4.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 16 Dec 2014 18:45:05 GMT) (full text, mbox, link).
Bug 773263 cloned as bug 773315
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 16 Dec 2014 18:51:05 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from jamessan@users.alioth.debian.org
to control@bugs.debian.org.
(Wed, 17 Dec 2014 05:15:05 GMT) (full text, mbox, link).
Added tag(s) patch.
Request was from Ivo De Decker <ivodd@debian.org>
to control@bugs.debian.org.
(Thu, 18 Dec 2014 06:57:05 GMT) (full text, mbox, link).
Reply sent
to James McCoy <jamessan@debian.org>:
You have taken responsibility.
(Fri, 19 Dec 2014 01:51:05 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Fri, 19 Dec 2014 01:51:06 GMT) (full text, mbox, link).
Message #23 received at 773263-close@bugs.debian.org (full text, mbox, reply):
Source: subversion
Source-Version: 1.8.10-5
We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 773263@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James McCoy <jamessan@debian.org> (supplier of updated subversion package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Dec 2014 00:11:03 -0500
Source: subversion
Binary: subversion subversion-dbg libsvn1 libsvn-dev libsvn-doc libapache2-mod-svn libapache2-svn python-subversion subversion-tools libsvn-java libsvn-perl ruby-svn libsvn-ruby1.8
Architecture: source all amd64
Version: 1.8.10-5
Distribution: unstable
Urgency: medium
Maintainer: James McCoy <jamessan@debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
libapache2-mod-svn - Apache Subversion server modules for Apache httpd
libapache2-svn - Apache Subversion server modules for Apache httpd (dummy package)
libsvn-dev - Development files for Apache Subversion libraries
libsvn-doc - Developer documentation for libsvn
libsvn-java - Java bindings for Apache Subversion
libsvn-perl - Perl bindings for Apache Subversion
libsvn-ruby1.8 - Ruby bindings for Apache Subversion (dummy package)
libsvn1 - Shared libraries used by Apache Subversion
python-subversion - Python bindings for Apache Subversion
ruby-svn - Ruby bindings for Apache Subversion
subversion - Advanced version control system
subversion-dbg - Debug symbols for Apache Subversion
subversion-tools - Assorted tools related to Apache Subversion
Closes: 773263 773315
Changes:
subversion (1.8.10-5) unstable; urgency=medium
.
* patches/CVE-2014-8108: mod_dav_svn DoS vulnerability with invalid virtual
transaction names (Closes: #773315)
* patches/CVE-2014-3580: mod_dav_svn DoS vulnerability with invalid REPORT
requests (Closes: #773263)
Checksums-Sha1:
70ca80fbfb606e077d137d824dcd6f06793f01d1 3101 subversion_1.8.10-5.dsc
b5a4f3e2318af98ee10686efe26aa2010c2bbc9d 271647 subversion_1.8.10-5.diff.gz
f057a9532fea5e701a057bba61612e766aa23ac0 1406758 libsvn-doc_1.8.10-5_all.deb
326b5edd1d914bff7c7e29749e23e06f20d2b7d6 124840 libapache2-svn_1.8.10-5_all.deb
fb1489effaa9d87f1d2ac4e9cdb5c8456ab5a924 1024 libsvn-ruby1.8_1.8.10-5_all.deb
6b0d889ea6e41cb9689bdbdf37aaf4567520f62e 921024 subversion_1.8.10-5_amd64.deb
6edc0a44b238facd293d5193b9f423a4bfd21e38 7827758 subversion-dbg_1.8.10-5_amd64.deb
75bd170ee80a4a9334441624c40e8e1fe06fac0d 1076482 libsvn1_1.8.10-5_amd64.deb
f67c85e8a80741330156e101899f3db76c25f50b 1214428 libsvn-dev_1.8.10-5_amd64.deb
62c22c1a67cfb4e9576b3946434fbedd1053eda6 199298 libapache2-mod-svn_1.8.10-5_amd64.deb
454ed8d55fb1528e021e03ac904419fadb45e872 649976 python-subversion_1.8.10-5_amd64.deb
c5721f0c25e3d5398b0f51f63e43a118efd74776 321790 subversion-tools_1.8.10-5_amd64.deb
b2abea53899b06f82f40f50f7ba49f28da98c1e4 351180 libsvn-java_1.8.10-5_amd64.deb
7149b6ee93a7b802bd78f4cfc3c2aa670fc8d0be 936324 libsvn-perl_1.8.10-5_amd64.deb
e4723efe629777fe5b9b1901415a38c89462d3dd 560954 ruby-svn_1.8.10-5_amd64.deb
Checksums-Sha256:
fbe0e68ba549a66fd8e0d3bdacce69a3543ad460374a750c6a077668255e1216 3101 subversion_1.8.10-5.dsc
d0d672e75eb6e4221dcee8ae629bdd8b2cc3931935594db81bf4f5369ffe9e74 271647 subversion_1.8.10-5.diff.gz
08fb1f830559b920fecc6b539f3a6757dbbf10520c6854422ae27973e495b0cd 1406758 libsvn-doc_1.8.10-5_all.deb
4ae3f4f93ee5255559df2993456018c790600bc52e52d62878d50f31d35566e5 124840 libapache2-svn_1.8.10-5_all.deb
014e1688910042d708daefd8a173e700526096c6902e4224c6c93b08abeb1397 1024 libsvn-ruby1.8_1.8.10-5_all.deb
a1a151b241c62c09004567a17018c90a15a7fe9cbf74fb874ad32e18dd999e0b 921024 subversion_1.8.10-5_amd64.deb
acde0cbceebd8e21789a8d4fd24bb5595445e8b703eccc26e58393d745d2e644 7827758 subversion-dbg_1.8.10-5_amd64.deb
d70763ce004894ab4e82c3822a44eb418935cf48c8a92f1e9773e416d33e0c94 1076482 libsvn1_1.8.10-5_amd64.deb
4752d8d819cb83b82b2ed5b8ddc34af680c245fbca8d0728031057eb3ec7b23d 1214428 libsvn-dev_1.8.10-5_amd64.deb
84eb797a4bd5d9768fe007799ea6c73f39e512869d359d92ec7218cc6bb286e4 199298 libapache2-mod-svn_1.8.10-5_amd64.deb
b41c86e4b440d59a0ac2cd30f18a49ed39da1cef46ca9b7c5274646e197ee44e 649976 python-subversion_1.8.10-5_amd64.deb
dcf7ebd79deacd86aeff5c8304069be3a45c25df36a1406fd390009351fd0eb9 321790 subversion-tools_1.8.10-5_amd64.deb
718b71727242b4cd60fd1ea096b54581c8a59848d89c9905e9bd073b975ed385 351180 libsvn-java_1.8.10-5_amd64.deb
50aa9792e2832c7d936bdd780b2d1684117f3d64666978160bc29762fb0c887f 936324 libsvn-perl_1.8.10-5_amd64.deb
c2423c6b93fdb024fffd86192ad3d6a6a69c61d166f20eee7112200e8c1c15e7 560954 ruby-svn_1.8.10-5_amd64.deb
Files:
f95bbd69d61650a15de374aa617c48cb 3101 vcs optional subversion_1.8.10-5.dsc
e41209ff8e8eb73bd1fe951b35b7b4ec 271647 vcs optional subversion_1.8.10-5.diff.gz
75a7b71e1fb8db23e00b07aecf7f776e 1406758 doc extra libsvn-doc_1.8.10-5_all.deb
6b1155042f6a961b042c114446f44443 124840 oldlibs extra libapache2-svn_1.8.10-5_all.deb
dada21ab947d3b7764b22e0d2b1b60b2 1024 oldlibs extra libsvn-ruby1.8_1.8.10-5_all.deb
3cbe92dccb3453742c83fee2cf086a95 921024 vcs optional subversion_1.8.10-5_amd64.deb
e58f5c6fd00d7fb20a601f4bfa4346f3 7827758 debug extra subversion-dbg_1.8.10-5_amd64.deb
3d753e6d76e144ad30f0179b7ce97541 1076482 libs optional libsvn1_1.8.10-5_amd64.deb
e22cc35112e22dc9d58c4f134926c34a 1214428 libdevel extra libsvn-dev_1.8.10-5_amd64.deb
018a60cc4a8a6bb85e90b5adf28ed8ba 199298 httpd optional libapache2-mod-svn_1.8.10-5_amd64.deb
93afae9c630bc39f89295e0d941122dd 649976 python optional python-subversion_1.8.10-5_amd64.deb
1510ba53681de8872d8d0646267890fc 321790 vcs extra subversion-tools_1.8.10-5_amd64.deb
c34ea139fb99f83a59f3cf897163dc8d 351180 java optional libsvn-java_1.8.10-5_amd64.deb
d0eb0947540842ef5f13eba80ef89e1c 936324 perl optional libsvn-perl_1.8.10-5_amd64.deb
d8cfac6a849b10f24c8dc455b43ff9a6 560954 ruby optional ruby-svn_1.8.10-5_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJUk4BCXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5MUJGQkY0RDY5NTZCRDVERjdCNzJEMjNE
RkU2OTFBRTMzMUJBM0RCAAoJEN/mka4zG6PbtcMQAMOlrupxovi7QqLXA2t0xcJ/
W1DYcUUCRfwmJi8WEp5lSUWLcvZmkfqvX7IAAl2dR24rwnDBFWU4gok668pIZm6c
yeISuX659OXkmvyvqc/gqqQHBMO5IjyxG0svhjLEM49UBm02ipOz5CPiV93QV4mS
GbiMaICzjQJ4KsgsfImD0ugL7RX/KubqenmMt8KBzOh4eq99Q8DrBmcSO8NnrQnO
qKlJ8NxIMle+mpXx3ey3vUEQ3vfRrknCd7LyzF54OY2B+Aj3hyt80wyOnNAqPcZq
5UEUhxV/6kndHehRWSCn7yqP6HqLIHWQeSShJPDTWY6TVaE/drXl9P0J72hPsz9G
/8kYW2NILN+nZM75Lnf8pfL0Mb+/qX67+jvIyZADKm1EJ8/eufwzElmTCqqa0Xuz
jqArgg/bKbHj5K+9YXE0WtDV/pRJdJzJ2LkOvfOMayR5rdgHWuniG2PHREcZmSF6
UlefMQEXp3ZJ3zpf5L+uDaXLYoxvfmyhOGZOyf3+8wuc+2p/r2WoBFbnj56K+TjN
KGtBEtTUuSJs0/lXt4PyQ1lr2MOCixxBgofx049FD+35TZ5IfuoZM3IAb9sEpYGZ
Tip4ciVyWcROLMznWguuSyVxc/PtoPfobSsSWAhFsgpaH/LUcOahZpf9NKGpdVrV
PvaisT0rbODeCbDbpxfe
=YG7f
-----END PGP SIGNATURE-----
Added tag(s) pending.
Request was from jamessan@users.alioth.debian.org
to control@bugs.debian.org.
(Fri, 19 Dec 2014 13:30:04 GMT) (full text, mbox, link).
Reply sent
to Holger Levsen <holger@debian.org>:
You have taken responsibility.
(Sun, 21 Dec 2014 21:54:27 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Sun, 21 Dec 2014 21:54:27 GMT) (full text, mbox, link).
Message #30 received at 773263-close@bugs.debian.org (full text, mbox, reply):
Source: subversion
Source-Version: 1.6.12dfsg-7+deb6u1
We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 773263@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Levsen <holger@debian.org> (supplier of updated subversion package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 21 Dec 2014 21:27:53 +0100
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn python-subversion subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 libsvn-ruby
Architecture: source all i386
Version: 1.6.12dfsg-7+deb6u1
Distribution: squeeze-lts
Urgency: medium
Maintainer: Peter Samuelson <peter@p12n.org>
Changed-By: Holger Levsen <holger@debian.org>
Description:
libapache2-svn - Subversion server modules for Apache
libsvn-dev - Development files for Subversion libraries
libsvn-doc - Developer documentation for libsvn
libsvn-java - Java bindings for Subversion
libsvn-perl - Perl bindings for Subversion
libsvn-ruby - Ruby bindings for Subversion (dummy package)
libsvn-ruby1.8 - Ruby bindings for Subversion
libsvn1 - Shared libraries used by Subversion
python-subversion - Python bindings for Subversion
subversion - Advanced version control system
subversion-tools - Assorted tools related to Subversion
Closes: 773263
Changes:
subversion (1.6.12dfsg-7+deb6u1) squeeze-lts; urgency=medium
.
* Non-maintainer upload by the Squeeze LTS Team.
* Add patches/CVE-2014-3580 to fix mod_dav_svn DoS vulnerability with invalid
REPORT requests. (Closes: #773263)
Checksums-Sha1:
7421cfbe18690c43de68c6161adf19b03bc3bf28 2611 subversion_1.6.12dfsg-7+deb6u1.dsc
2b107ad4f7c6ce6ea480037946032c064c27f527 109829 subversion_1.6.12dfsg-7+deb6u1.diff.gz
f6faac885997db9704bf68dcfac75060eda823ca 1960674 libsvn-doc_1.6.12dfsg-7+deb6u1_all.deb
75f9807d65487a692b281e5ce461fb38a320d13f 219934 subversion-tools_1.6.12dfsg-7+deb6u1_all.deb
5c91c88105eac6311bc43561811352ec62f89662 766 libsvn-ruby_1.6.12dfsg-7+deb6u1_all.deb
17ace90f94e4888dda8de66ca23e1988eb11862c 1297398 subversion_1.6.12dfsg-7+deb6u1_i386.deb
d1d1fab0f9bbe168453bba113fd5c4ffcab7d189 907366 libsvn1_1.6.12dfsg-7+deb6u1_i386.deb
efb9cb783645e9b552dfbeebfb2ce0735ea9623b 1202802 libsvn-dev_1.6.12dfsg-7+deb6u1_i386.deb
919ba6e5aebb55a1d569fc2113e35180bbd7f15f 163136 libapache2-svn_1.6.12dfsg-7+deb6u1_i386.deb
16e18bfdcc0c3d524e8daec07e14d187ff2445be 1119130 python-subversion_1.6.12dfsg-7+deb6u1_i386.deb
f49c0f103f481f1aa1693a311e9c191c9c1a14d1 302436 libsvn-java_1.6.12dfsg-7+deb6u1_i386.deb
9e0046f0daafc4ed2422689e8e8eea13eb540739 1126764 libsvn-perl_1.6.12dfsg-7+deb6u1_i386.deb
c2eff450170315125136c8bbef4def350ff7a8e1 525780 libsvn-ruby1.8_1.6.12dfsg-7+deb6u1_i386.deb
Checksums-Sha256:
fb002a2b1c582570b1dbefbc168954f8b8366d12b8453a703131898a6d977a73 2611 subversion_1.6.12dfsg-7+deb6u1.dsc
fb8b3d263d77ed52b7d705807e57d6dcfc5543c039a31a282c1bc7efe2717cb3 109829 subversion_1.6.12dfsg-7+deb6u1.diff.gz
dd0559cc35c0abc0e989dccd02667f1f2c351d7660813094b864741226e462bc 1960674 libsvn-doc_1.6.12dfsg-7+deb6u1_all.deb
87f7049abe7c02eb813855486d289524e2fbcf78d9e8bf4719254b95f42036e0 219934 subversion-tools_1.6.12dfsg-7+deb6u1_all.deb
5a2db1b61e8fdab7ebe32d1a3dcac4c445da821ed90ca6a3659314442fde0383 766 libsvn-ruby_1.6.12dfsg-7+deb6u1_all.deb
c291bb58044fc38455f65a50de0fcbb3a0355cd9e6f08330055bc7e9e425e485 1297398 subversion_1.6.12dfsg-7+deb6u1_i386.deb
df20d4de24d2374ed3e164b55b6010251943493ba35e7a3deed5dcfdf641decb 907366 libsvn1_1.6.12dfsg-7+deb6u1_i386.deb
d3440be0dbe754bf6215df23ac5c33a3c6e12e5f882cdc2dd6424be9ce5333a4 1202802 libsvn-dev_1.6.12dfsg-7+deb6u1_i386.deb
28aaa2b6ea8b49eb4b693331a29cb9d712dbc36411b6ba82d53e8caf2dc2a493 163136 libapache2-svn_1.6.12dfsg-7+deb6u1_i386.deb
97d88d7dc8a49776845f58b87f3bb25fdb0f7c8a6f73338a57bc6d573dfebc82 1119130 python-subversion_1.6.12dfsg-7+deb6u1_i386.deb
bbc1ea1c15d51a75dd77e0a6a022c10f8bca7925b8ef552d7f0a67355cb8f34f 302436 libsvn-java_1.6.12dfsg-7+deb6u1_i386.deb
3e21b34c060e2e797ce4af6551fabace98b4993aeec721eafecfc8efe49f4ce4 1126764 libsvn-perl_1.6.12dfsg-7+deb6u1_i386.deb
a31aa264425f47dae8e74223fcf5dca0c0e150f09f53e969221593851a529954 525780 libsvn-ruby1.8_1.6.12dfsg-7+deb6u1_i386.deb
Files:
78200cb8d279dc5fec98a28009188e38 2611 vcs optional subversion_1.6.12dfsg-7+deb6u1.dsc
aefbfa8735584963fc04f5da269874f4 109829 vcs optional subversion_1.6.12dfsg-7+deb6u1.diff.gz
2652df391b6f354f2b92eba1bfce36c9 1960674 doc extra libsvn-doc_1.6.12dfsg-7+deb6u1_all.deb
463628a1b66f3173d4dc68af59042d0c 219934 vcs extra subversion-tools_1.6.12dfsg-7+deb6u1_all.deb
92205945cf2a8bb22b005a6fe3b7db89 766 ruby optional libsvn-ruby_1.6.12dfsg-7+deb6u1_all.deb
b7aa6081a68b99d76a6bd82a4b279591 1297398 vcs optional subversion_1.6.12dfsg-7+deb6u1_i386.deb
0ff80544e79435edd47c7571dc1fef9f 907366 vcs optional libsvn1_1.6.12dfsg-7+deb6u1_i386.deb
0b0a24ead89cfcde12a191663f0d7c24 1202802 vcs extra libsvn-dev_1.6.12dfsg-7+deb6u1_i386.deb
b7a4cb839391d2aabcd6673a494a8b35 163136 httpd optional libapache2-svn_1.6.12dfsg-7+deb6u1_i386.deb
b44ed30a02c010930d00fc8855b80263 1119130 python optional python-subversion_1.6.12dfsg-7+deb6u1_i386.deb
db1966489d53b0ce03d04e5d3dfdf1d1 302436 java optional libsvn-java_1.6.12dfsg-7+deb6u1_i386.deb
a69de290fce44daee381b46ed23b0eb9 1126764 perl optional libsvn-perl_1.6.12dfsg-7+deb6u1_i386.deb
cc88c73d74982e5dfdde87738a886d71 525780 ruby optional libsvn-ruby1.8_1.6.12dfsg-7+deb6u1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIVAwUBVJc6HgkauFYGmqocAQoXyBAAmiByLOwqt4sdkpQ4ESw/p9/J6kbR4aOS
8GAYjTQ3sw3aucgfwyEmGP947Uaf6oM2/VerniPldQYu3BwjmP27hvN7TE0icXB0
BzW4f/8QyFBntneLj1jQ9h0gtt4McyXIy8o2m8rAZgPG4dEJ0IqvteaK0j9A+GA4
Q2SRPwAOggFP87s2IImSdnMZdjr5bVrfDSZE4TD5XPH8NnzcwXBZTmJ+aPKSvRVX
rBlkhMRxxAiqwzvQIS7glZ2fnsxOP2cRTRTk7cOqDTl2q91KDvlH0AzPFGR8lM62
ZitwluvvDeA5bsvTXzl8GopvO2ooZsdi97qNn46vQvYSItPJNQs8ll6d3b3shYj5
/tzFiAu7EEmoA7VEHSUS5ZFJ7M7f5liAl3E8nHRVkTpUaTqO690nxDercpqyaqyv
7Apw95u0Y+5utxQS2CxcI07VaFAASGr6QDo+MzE/Y3nd993tb9z+5+cFcchtgPuG
TmqY7JPdYQC2DRvtLI5v52Nkg6CV2Tv4IYk0ZbHqSKF8f2Dgsdtyb7v0WONyicqy
biBc/XP1tSQLk/gS9s2C01XmVr/Rg8PkzN+N90lXFnYMwH9bONe3WzuiSYZX66bO
x2m3XzsV6qlUtZIIKb0T+TLg4EUNbAUIabcVwV+zNfE/vCEg7EyrhaZjNYtklomB
d3vWWMkY6OU=
=f/8/
-----END PGP SIGNATURE-----
Reply sent
to James McCoy <jamessan@debian.org>:
You have taken responsibility.
(Wed, 24 Dec 2014 15:45:15 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Wed, 24 Dec 2014 15:45:15 GMT) (full text, mbox, link).
Message #35 received at 773263-close@bugs.debian.org (full text, mbox, reply):
Source: subversion
Source-Version: 1.6.17dfsg-4+deb7u7
We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 773263@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James McCoy <jamessan@debian.org> (supplier of updated subversion package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 18 Dec 2014 21:55:36 -0500
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn python-subversion subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 libsvn-ruby
Architecture: source all amd64
Version: 1.6.17dfsg-4+deb7u7
Distribution: wheezy-security
Urgency: high
Maintainer: James McCoy <jamessan@debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
libapache2-svn - Subversion server modules for Apache
libsvn-dev - Development files for Subversion libraries
libsvn-doc - Developer documentation for libsvn
libsvn-java - Java bindings for Subversion
libsvn-perl - Perl bindings for Subversion
libsvn-ruby - Ruby bindings for Subversion (dummy package)
libsvn-ruby1.8 - Ruby bindings for Subversion
libsvn1 - Shared libraries used by Subversion
python-subversion - Python bindings for Subversion
subversion - Advanced version control system
subversion-tools - Assorted tools related to Subversion
Closes: 773263
Changes:
subversion (1.6.17dfsg-4+deb7u7) wheezy-security; urgency=high
.
* patches/CVE-2014-3580: mod_dav_svn DoS vulnerability with invalid REPORT
requests (Closes: #773263)
Checksums-Sha1:
5155fe297749bbbc47ff130527f1c95995861c1c 3054 subversion_1.6.17dfsg-4+deb7u7.dsc
1fa5a3dea7ca8e6dda01d37e35a7818514c18625 115037 subversion_1.6.17dfsg-4+deb7u7.diff.gz
d55d0c2e0436106bfd2f610fcd45db17e02c1f76 2083570 libsvn-doc_1.6.17dfsg-4+deb7u7_all.deb
3267a94737131a88c4ed9523c4a529d2f1dd97db 222108 subversion-tools_1.6.17dfsg-4+deb7u7_all.deb
591755909aa4b7ab3f96908bb4c4392c71a9f954 764 libsvn-ruby_1.6.17dfsg-4+deb7u7_all.deb
a0f026ecfd6d850978ae97a34658d9c80db48a9b 1317528 subversion_1.6.17dfsg-4+deb7u7_amd64.deb
665796984faf7f44eb0d4c92a5dc4a3115d82a4e 934840 libsvn1_1.6.17dfsg-4+deb7u7_amd64.deb
25bcd19d0d39894d11a7e4b1c9e6dff9d2cfb3ac 1304348 libsvn-dev_1.6.17dfsg-4+deb7u7_amd64.deb
a1d3e040810a467f724378a2be096e892e8bf008 173216 libapache2-svn_1.6.17dfsg-4+deb7u7_amd64.deb
6e3e581659501cfc3a087aa0d18c62e4b4d59d24 1340300 python-subversion_1.6.17dfsg-4+deb7u7_amd64.deb
7353903903d6d17b2cdabceb53618a801b60658b 306250 libsvn-java_1.6.17dfsg-4+deb7u7_amd64.deb
b751a769782412f93c13dc6c52605c70973bd7c6 1082936 libsvn-perl_1.6.17dfsg-4+deb7u7_amd64.deb
9a6b2fd83e70ba68b870cadadc74fcaffaf038c1 627994 libsvn-ruby1.8_1.6.17dfsg-4+deb7u7_amd64.deb
Checksums-Sha256:
b493fdb5551bbe320223d984883989a227ba65816bd65bfafc20eb46400f5ade 3054 subversion_1.6.17dfsg-4+deb7u7.dsc
7b6002e49ba17429a1c5a26dbfd7b97fcf081d68522164a2aa675863a39f1f72 115037 subversion_1.6.17dfsg-4+deb7u7.diff.gz
c22e0c66db69ef1ffdbf8fc9c69f60fb6018ce3321ad3b37afa2976bf33ee595 2083570 libsvn-doc_1.6.17dfsg-4+deb7u7_all.deb
390bfbf44c19d46530596fd6a9a444377da638af091741cf417ab56b4059f3ac 222108 subversion-tools_1.6.17dfsg-4+deb7u7_all.deb
c634e35a026c4e4123652fb5d5c69f263befd9fb2aa7cbeab9580fac743a3398 764 libsvn-ruby_1.6.17dfsg-4+deb7u7_all.deb
5e08d8a7b0a3c743fd80a11c73024b1fed91544e49b7e02642000a8d63813cce 1317528 subversion_1.6.17dfsg-4+deb7u7_amd64.deb
c6940853953065bd1182ac24621b2fa2269b0dd23e2f6e886dbe842afb4fc535 934840 libsvn1_1.6.17dfsg-4+deb7u7_amd64.deb
e206d8d868e977e03b45c6b6c8d3388a6eb9ec89b52d81c2eced166bf685ff45 1304348 libsvn-dev_1.6.17dfsg-4+deb7u7_amd64.deb
f7370c4b85b8950e35b574b36dda186d845e535292f2ef75a65e82336e6676ac 173216 libapache2-svn_1.6.17dfsg-4+deb7u7_amd64.deb
f0e8965d7e23cd56adce1fe614ba0d81d89b1b8d73ec267b67933c814409dd93 1340300 python-subversion_1.6.17dfsg-4+deb7u7_amd64.deb
6eb79442234e26a374e1d31ccff4e0745d275b533a9ee0435f4304abf5e72d26 306250 libsvn-java_1.6.17dfsg-4+deb7u7_amd64.deb
78ea8057298aa7f1a84e8e555ebc46469fbc08f4ca31412fb225069577a4027a 1082936 libsvn-perl_1.6.17dfsg-4+deb7u7_amd64.deb
039f10d8e6cee922d07b1d8cfae93ad845935dc7003862b934e2f6fc926c694c 627994 libsvn-ruby1.8_1.6.17dfsg-4+deb7u7_amd64.deb
Files:
6a0fcfeb1315c6e5c74cbd3bc1c12603 3054 vcs optional subversion_1.6.17dfsg-4+deb7u7.dsc
3a56bb4b9a8c33d7a8b56907bc42ca3b 115037 vcs optional subversion_1.6.17dfsg-4+deb7u7.diff.gz
be101d2086d77a36d46d920b1ca3db3e 2083570 doc extra libsvn-doc_1.6.17dfsg-4+deb7u7_all.deb
912741f6927e3fb81b9a46e24f65ad41 222108 vcs extra subversion-tools_1.6.17dfsg-4+deb7u7_all.deb
30a7d3d8c03cdea93bba773274823a6b 764 ruby optional libsvn-ruby_1.6.17dfsg-4+deb7u7_all.deb
07a19a5bb5ccf5065d4a8c525ba8dea2 1317528 vcs optional subversion_1.6.17dfsg-4+deb7u7_amd64.deb
320b881ca629a182c4a606a7712a8a6d 934840 vcs optional libsvn1_1.6.17dfsg-4+deb7u7_amd64.deb
5f7847fe3c12d3e4d1cafc6bff180332 1304348 libdevel extra libsvn-dev_1.6.17dfsg-4+deb7u7_amd64.deb
a9a9f738c3ed958cc1db70c3bfca3597 173216 httpd optional libapache2-svn_1.6.17dfsg-4+deb7u7_amd64.deb
dd7a9f5ea3956c330349cd7e7d47c04b 1340300 python optional python-subversion_1.6.17dfsg-4+deb7u7_amd64.deb
021d4f9ca4cb04c783c69ff9cda6b7b7 306250 java optional libsvn-java_1.6.17dfsg-4+deb7u7_amd64.deb
11ee3d11507682a426f629214cf6ba77 1082936 perl optional libsvn-perl_1.6.17dfsg-4+deb7u7_amd64.deb
5538c7e3d0d7bf526070515d27a2168d 627994 ruby optional libsvn-ruby1.8_1.6.17dfsg-4+deb7u7_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJUlCfKXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5MUJGQkY0RDY5NTZCRDVERjdCNzJEMjNE
RkU2OTFBRTMzMUJBM0RCAAoJEN/mka4zG6PbfGwQALyn6v0kdiZwxGpHx6o8zD6T
J7M/v3V3Ja607Y0IWB/AQJM0vdCoJ8NxUAqlnz+jQ8fqf4nO8DjbzqYetxBF0xPB
gZp+TGuVZm1qMRip3mSYchU8477jSFzaI1Us146iXJUnIidZoKsoHlChzmsKI/9P
+W4dVCSpCHgiEZrzmD1yJHxy/pwFSSejIpMIDjgL6wNIycj+MLvpFV/DI6tiHXOj
MBkwCPbbDLJl5q9J5OreshXYYmF4DNGXLXZBodDPswe49341SGtWdvpwlUW+qQNN
dQ+Un4gzm7bLEtPvpmhGWGWaoPHyB1bKFFK9Vi17iRB209m3jV1HiXIonmdiI/G+
Dl4xx6gcIfQ05qUqkKQPl551Ety5Anf8328lYaPOk72nlIDenKJRk+oeQjSYnJBW
9+Q9lO67cVdEAJ8P6sJ6hXI0QmDtrxMvn/tSf6bZL+FzCLnyfOk/vFdgcwVvlm98
55okZxTn5pvn9HHI6Zw7sUXzNd2T1hs29t1kVyL6TxS+wM65HoSxiRnFdYuSRVpm
E2yLd5fFtMrwAHJ0qa3AtUFUoVyKW2g3WrPj346DZgTC0CU1g2jFtD7G2xTy34j2
vIeAwBVweHmnFIAMXbHSUKkAkW5xWkDiZBYpeOZp23gkw7N0XAe1zrEJ0W5fpWyO
J41oxz1pF0rUoFKkPQrv
=AVXy
-----END PGP SIGNATURE-----
Added tag(s) pending.
Request was from jamessan@users.alioth.debian.org
to control@bugs.debian.org.
(Sun, 19 Apr 2015 18:51:15 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 26 Oct 2016 07:37:50 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:12:09 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon