[SECURITY] Updated: subversion-1.8.16-1
David Rothenberger
daveroth@acm.org
Sat Apr 30 23:19:00 GMT 2016
SECURITY:
=========
This release fixes two security issues:
CVE-2016-2167:
svnserve/sasl may authenticate users using the wrong realm.
http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
CVE-2016-2168:
Remotely triggerable DoS vulnerability in mod_authz_svn during
COPY/MOVE authorization check.
http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
NEWS:
=====
See CHANGES (URL below) for more information about the differences
between 1.8.0 and previous Subversion releases.
IMPORTANT: Please read the release notes (URL below) before
upgrading from a previous major release. 1.8 includes a new working
copy format with a manual upgrade operation. This will render your
working copy unusable with previous major releases. Furthermore,
there are some issues trying to upgrade corrupt working copies.
Please see the release notes
http://subversion.apache.org/docs/release-notes/1.8.html
for more details about the changes in Subversion.
See
http://svn.apache.org/repos/asf/subversion/tags/1.8.16/CHANGES
for more details about the changes in 1.8.16.
This release changes mod_dav_svn to no longer map requests to the local
filesystem. Administrators of mod_dav_svn servers should read the
section about this in the release notes:
http://subversion.apache.org/docs/release-notes/1.8.html#mod_dav_svn-fsmap
DESCRIPTION:
============
Subversion is a version control system designed to be a compelling
successor to CVS.
Please see
http://svnbook.red-bean.com/nightly/en/index.html
for the latest official release of the Subversion Book.
QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.
More information about the Cygwin-announce
mailing list