Return-Path: X-Original-To: apmail-subversion-announce-archive@minotaur.apache.org Delivered-To: apmail-subversion-announce-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8051717F11 for ; Tue, 31 Mar 2015 12:06:48 +0000 (UTC) Received: (qmail 57482 invoked by uid 500); 31 Mar 2015 12:06:46 -0000 Delivered-To: apmail-subversion-announce-archive@subversion.apache.org Received: (qmail 57441 invoked by uid 500); 31 Mar 2015 12:06:46 -0000 Mailing-List: contact announce-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list announce@subversion.apache.org Delivered-To: moderator for announce@subversion.apache.org Received: (qmail 44780 invoked by uid 99); 31 Mar 2015 12:03:51 -0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: error (athena.apache.org: local policy) X-Envelope-From: stsp@apache.org Date: Tue, 31 Mar 2015 14:02:20 +0200 From: Stefan Sperling To: Subversion Development , Subversion Users , Subversion Announcements , Apache Announcements Subject: Apache Subversion 1.8.13 released Message-ID: <20150331120220.GO17807@jim.stsp.name> Mail-Followup-To: Subversion Development , Subversion Users , Subversion Announcements , Apache Announcements MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.5.23 (2014-03-12) X-Virus-Checked: Checked by ClamAV on apache.org I'm happy to announce the release of Apache Subversion 1.8.13. This release addresses 3 security issues. CVE-2015-0202: Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. CVE-2015-0248: Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author property values for new revisions For details see the advisories at: http://subversion.apache.org/security/CVE-2015-0202-advisory.txt http://subversion.apache.org/security/CVE-2015-0248-advisory.txt http://subversion.apache.org/security/CVE-2015-0251-advisory.txt Please choose the mirror closest to you by visiting: http://subversion.apache.org/download/#recommended-release The SHA1 checksums are: aa0bd14ac6a8f0fb178cc9ff325387de01cd7452 subversion-1.8.13.tar.bz2 a8ac829dd0d575461424fbd2335820f9d094c379 subversion-1.8.13.zip 437cf662b7ed27d2254aa7ca334fdd74b49262ef subversion-1.8.13.tar.gz PGP Signatures are available at: http://www.apache.org/dist/subversion/subversion-1.8.13.tar.bz2.asc http://www.apache.org/dist/subversion/subversion-1.8.13.tar.gz.asc http://www.apache.org/dist/subversion/subversion-1.8.13.zip.asc For this release, the following people have provided PGP signatures: Bert Huijben [4096R/CCC8E1DF] with fingerprint: 3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF Branko Čibej [4096R/A347943F] with fingerprint: BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F Ivan Zhakov [4096R/F6AD8147] with fingerprint: 4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147 Johan Corveleyn [4096R/010C8AAD] with fingerprint: 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD Julian Foad [4096R/4EECC493] with fingerprint: 6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493 Philip Martin [2048R/ED1A599C] with fingerprint: A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C Stefan Fuhrmann [4096R/57921ACC] with fingerprint: 056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC Stefan Sperling [2048R/9A59B973] with fingerprint: 8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973 Release notes for the 1.8.x release series may be found at: http://subversion.apache.org/docs/release-notes/1.8.html You can find the list of changes between 1.8.13 and earlier versions at: http://svn.apache.org/repos/asf/subversion/tags/1.8.13/CHANGES Questions, comments, and bug reports to users@subversion.apache.org. Thanks, - The Subversion Team