This is the mail archive of the
cygwin-announce
mailing list for the Cygwin project.
[SECURITY] Updated: subversion-1.9.4-1
- From: David Rothenberger <daveroth at acm dot org>
- To: cygwin-announce at cygwin dot com
- Date: Sat, 30 Apr 2016 13:01:21 -0700
- Subject: [SECURITY] Updated: subversion-1.9.4-1
- Authentication-results: sourceware.org; auth=none
- Reply-to: The Cygwin Mailing List <cygwin at cygwin dot com>
SECURITY:
=========
This release fixes two security issues:
CVE-2016-2167:
svnserve/sasl may authenticate users using the wrong realm.
http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
CVE-2016-2168:
Remotely triggerable DoS vulnerability in mod_authz_svn during
COPY/MOVE authorization check.
http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
NEWS:
=====
Please see the release notes
http://subversion.apache.org/docs/release-notes/1.9.html
for more details about the changes in Subversion.
See
http://svn.apache.org/repos/asf/subversion/tags/1.9.4/CHANGES
for more details about the changes in 1.9.4.
DESCRIPTION:
============
Subversion is a version control system designed to be a compelling
successor to CVS.
Please see
http://svnbook.red-bean.com/nightly/en/index.html
for the latest official release of the Subversion Book.
QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.