Return-Path: X-Original-To: apmail-subversion-announce-archive@minotaur.apache.org Delivered-To: apmail-subversion-announce-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 856131928A for ; Thu, 28 Apr 2016 15:03:55 +0000 (UTC) Received: (qmail 69611 invoked by uid 500); 28 Apr 2016 15:03:53 -0000 Delivered-To: apmail-subversion-announce-archive@subversion.apache.org Received: (qmail 69548 invoked by uid 500); 28 Apr 2016 15:03:52 -0000 Mailing-List: contact announce-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list announce@subversion.apache.org Delivered-To: moderator for announce@subversion.apache.org Received: (qmail 60482 invoked by uid 99); 28 Apr 2016 15:02:51 -0000 X-Gm-Message-State: AOPr4FVlm8EB6wmo0uN7/A6IhNjlAYi7DCcEAUyBgRQWevmSr1oweqRAEdgAOOwq9VQX5vUw/TLOKZSU9KnlJ+SG X-Received: by 10.107.181.79 with SMTP id e76mr18375270iof.196.1461855770356; Thu, 28 Apr 2016 08:02:50 -0700 (PDT) MIME-Version: 1.0 From: Evgeny Kotkov Date: Thu, 28 Apr 2016 18:02:30 +0300 X-Gmail-Original-Message-ID: Message-ID: Subject: [ANNOUNCE][SECURITY] Apache Subversion 1.8.16 released To: Subversion Development , Subversion Users , Subversion Announcements , Apache Announcements Cc: Apache Security Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable I'm happy to announce the release of Apache Subversion 1.8.16. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download/#supported-releases This release fixes two security issues: CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm. http://subversion.apache.org/security/CVE-2016-2167-advisory.txt CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check. http://subversion.apache.org/security/CVE-2016-2168-advisory.txt The SHA1 checksums are: 9596643a2728c55a4e54ff38608fde09b27fa494 subversion-1.8.16.tar.bz2 50d3004b57d714247158374694c9f06ba852e88a subversion-1.8.16.tar.gz 5a23082a998133be85efd0b5b81ef91d6b87fdd5 subversion-1.8.16.zip PGP Signatures are available at: http://www.apache.org/dist/subversion/subversion-1.8.16.tar.bz2.asc http://www.apache.org/dist/subversion/subversion-1.8.16.tar.gz.asc http://www.apache.org/dist/subversion/subversion-1.8.16.zip.asc For this release, the following people have provided PGP signatures: Branko =C4=8Cibej [4096R/A347943F] with fingerprint: BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F Evgeny Kotkov [4096R/09F9FA74] with fingerprint: E7B2 A7F4 EC28 BE9F F8B3 8BA4 B64F FF12 09F9 FA74 Ivan Zhakov [4096R/F6AD8147] with fingerprint: 4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147 Johan Corveleyn [4096R/010C8AAD] with fingerprint: 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD Philip Martin [2048R/ED1A599C] with fingerprint: A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C Stefan Fuhrmann [4096R/57921ACC] with fingerprint: 056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC Stefan Sperling [2048R/9A59B973] with fingerprint: 8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973 Release notes for the 1.8.x release series may be found at: http://subversion.apache.org/docs/release-notes/1.8.html You can find the list of changes between 1.8.16 and earlier versions at: http://svn.apache.org/repos/asf/subversion/tags/1.8.16/CHANGES Questions, comments, and bug reports to users@subversion.apache.org. Thanks, - The Subversion Team