Return-Path: X-Original-To: apmail-subversion-dev-archive@minotaur.apache.org Delivered-To: apmail-subversion-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9B5CF1811B for ; Tue, 15 Dec 2015 15:40:05 +0000 (UTC) Received: (qmail 60470 invoked by uid 500); 15 Dec 2015 15:40:00 -0000 Delivered-To: apmail-subversion-dev-archive@subversion.apache.org Received: (qmail 60378 invoked by uid 500); 15 Dec 2015 15:40:00 -0000 Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@subversion.apache.org Received: (qmail 60301 invoked by uid 99); 15 Dec 2015 15:40:00 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Dec 2015 15:40:00 +0000 Received: from mail-io0-f176.google.com (mail-io0-f176.google.com [209.85.223.176]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 05FA61A06AB for ; Tue, 15 Dec 2015 15:40:00 +0000 (UTC) Received: by mail-io0-f176.google.com with SMTP id o67so23208997iof.3 for ; Tue, 15 Dec 2015 07:39:59 -0800 (PST) X-Gm-Message-State: ALoCoQkC5Fk6ZdoAanefWlyIy8tMg4ZpjId68JEk4oGdndiU1/N4ne6zj7Du1lZHLugAJmE73TEAwinpSLVoRdNCd+ht2djXmtIgfWm/8D+jC1D6dhnp+4U= X-Received: by 10.107.25.77 with SMTP id 74mr35747027ioz.196.1450193999500; Tue, 15 Dec 2015 07:39:59 -0800 (PST) MIME-Version: 1.0 Received: by 10.64.252.162 with HTTP; Tue, 15 Dec 2015 07:39:40 -0800 (PST) From: Evgeny Kotkov Date: Tue, 15 Dec 2015 18:39:40 +0300 X-Gmail-Original-Message-ID: Message-ID: Subject: [ANNOUNCE] Apache Subversion 1.9.3 released To: Subversion Development , Subversion Users , Subversion Announcements , Apache Announcements Content-Type: text/plain; charset=UTF-8 I'm happy to announce the release of Apache Subversion 1.9.3. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download/#recommended-release This release fixes two security issues: CVE-2015-5259: Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser. http://subversion.apache.org/security/CVE-2015-5259-advisory.txt CVE-2015-5343: Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. http://subversion.apache.org/security/CVE-2015-5343-advisory.txt The SHA1 checksums are: 27e8df191c92095f48314a415194ec37c682cbcf subversion-1.9.3.tar.bz2 b0cf8a64b1c244fcf2fa282d59ba34d7a57c3751 subversion-1.9.3.tar.gz a3216ef4bc804926c8be5dac07c32df5ab82d38a subversion-1.9.3.zip PGP Signatures are available at: http://www.apache.org/dist/subversion/subversion-1.9.3.tar.bz2.asc http://www.apache.org/dist/subversion/subversion-1.9.3.tar.gz.asc http://www.apache.org/dist/subversion/subversion-1.9.3.zip.asc For this release, the following people have provided PGP signatures: Bert Huijben [4096R/CCC8E1DF] with fingerprint: 3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF Evgeny Kotkov [4096R/09F9FA74] with fingerprint: E7B2 A7F4 EC28 BE9F F8B3 8BA4 B64F FF12 09F9 FA74 Ivan Zhakov [4096R/F6AD8147] with fingerprint: 4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147 Johan Corveleyn [4096R/010C8AAD] with fingerprint: 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD Julian Foad [4096R/4EECC493] with fingerprint: 6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493 Philip Martin [2048R/ED1A599C] with fingerprint: A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C Stefan Fuhrmann [4096R/57921ACC] with fingerprint: 056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC Stefan Sperling [2048R/9A59B973] with fingerprint: 8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973 Release notes for the 1.9.x release series may be found at: http://subversion.apache.org/docs/release-notes/1.9.html You can find the list of changes between 1.9.3 and earlier versions at: http://svn.apache.org/repos/asf/subversion/tags/1.9.3/CHANGES Questions, comments, and bug reports to users@subversion.apache.org. Thanks, - The Subversion Team