subversion-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Reser <bre...@apache.org>
Subject Re: Apache Subversion 1.8.3 released
Date Fri, 30 Aug 2013 15:58:10 GMT
On 8/30/13 8:34 AM, Ben Reser wrote:
> I'm happy to announce the release of Apache Subversion 1.8.3.
> 
> Please note that Subversion 1.8.3 is the next release after Subversion 1.8.1.
> The 1.8.2 release was not published publicly, due to issues found
> during testing.
> 
> Please choose the mirror closest to you by visiting:
> 
>     http://subversion.apache.org/download/#recommended-release
> 
> This release addresses three security issues:
>     CVE-2013-4246: fsfs: corruption from editing packed revision properties
>     CVE-2013-4262: admin-side tools: symlink attack against pid file
>     CVE-2013-4246: svnserve: symlink attack against pid file
> 
> More information on these vulnerabilities, including the relevant
> advisories and potential attack vectors and workarounds, can be found
> on the Subversion security website:
>     http://subversion.apache.org/security/

CVE-2013-4246 was inadvertantly used twice in this announcement.  The corrent
list of security issues follows:
     CVE-2013-4246: fsfs: corruption from editing packed revision properties
     CVE-2013-4262: admin-side tools: symlink attack against pid file
     CVE-2013-4277: svnserve: symlink attack against pid file



Mime
View raw message