From users-return-17609-apmail-subversion-users-archive=subversion.apache.org@subversion.apache.org Thu Apr 4 20:57:03 2013 Return-Path: X-Original-To: apmail-subversion-users-archive@minotaur.apache.org Delivered-To: apmail-subversion-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5F152F8B0 for ; Thu, 4 Apr 2013 20:57:03 +0000 (UTC) Received: (qmail 83166 invoked by uid 500); 4 Apr 2013 20:57:01 -0000 Delivered-To: apmail-subversion-users-archive@subversion.apache.org Received: (qmail 82970 invoked by uid 500); 4 Apr 2013 20:57:01 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 82625 invoked by uid 99); 4 Apr 2013 20:57:01 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Apr 2013 20:57:01 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=SPF_HELO_PASS,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [50.197.89.41] (HELO mail.brain.org) (50.197.89.41) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Apr 2013 20:56:55 +0000 Received: from localhost (localhost [127.0.0.1]) by mail.brain.org (Postfix) with ESMTP id 43923179E267; Thu, 4 Apr 2013 13:56:34 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at fornix.brain.org Received: from mail.brain.org ([127.0.0.1]) by localhost (fornix.brain.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id upQSHm+Q9eT4; Thu, 4 Apr 2013 13:56:28 -0700 (PDT) Received: from mail-ob0-x233.google.com (mail-ob0-x233.google.com [IPv6:2607:f8b0:4003:c01::233]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.brain.org (Postfix) with ESMTPSA id 962D9179E071; Thu, 4 Apr 2013 13:56:27 -0700 (PDT) Received: by mail-ob0-f179.google.com with SMTP id vb8so3007757obc.24 for ; Thu, 04 Apr 2013 13:56:26 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.60.35.197 with SMTP id k5mr5663232oej.138.1365108986369; Thu, 04 Apr 2013 13:56:26 -0700 (PDT) Received: by 10.60.63.6 with HTTP; Thu, 4 Apr 2013 13:56:26 -0700 (PDT) Date: Thu, 4 Apr 2013 13:56:26 -0700 Message-ID: Subject: Subversion 1.6.21 released From: Ben Reser To: announce@subversion.apache.org, users@subversion.apache.org, Subversion Development Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org I'm happy to announce the release of Subversion 1.6.21. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download/#supported-releases This release addesses four security issues: CVE-2013-1845: mod_dav_svn excessive memory usage from property changes CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs More information on these vulnerabilities, including the relevent advisories and potential attack vectors and workarounds, can be found on the Subversion security website: http://subversion.apache.org/security/ The SHA1 checksums are: bb7c4692216adf0eab89cd3e5d58bbc5908b639c subversion-1.6.21.tar.gz 44dfcd5ffb8f09bce1c04f93250ef171f43a6b29 subversion-1.6.21.zip c62b0f9c4dff7202bd5e00876135557b5f5b5f55 subversion-1.6.21.tar.bz2 PGP Signatures are available at: http://subversion.tigris.org/downloads/subversion-1.6.21.tar.bz2.asc http://subversion.tigris.org/downloads/subversion-1.6.21.tar.gz.asc http://subversion.tigris.org/downloads/subversion-1.6.21.zip.asc For this release, the following people have provided PGP signatures: Ben Reser [4096R/16A0DE01] with fingerprint: 19BB CAEF 7B19 B280 A0E2 175E 62D4 8FAD 16A0 DE01 C. Michael Pilato [4096R/FE681333] with fingerprint: 753B 2F9D F717 FA23 A43E E7C3 F5E0 F001 FE68 1333 Johan Corveleyn [4096R/010C8AAD] with fingerprint: 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD Mark Phippard [1024D/035A96A9] with fingerprint: D315 89DB E1C1 E9BA D218 39FD 265D F8A0 035A 96A9 Paul T. Burba [4096R/56F3D7BC] with fingerprint: 1A0F E7C6 B3C5 F8D4 D0C4 A20B 64DD C071 56F3 D7BC Philip Martin [2048R/ED1A599C] with fingerprint: A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C Stefan Sperling [2048R/9A59B973] with fingerprint: 8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973 Release notes for the 1.6.x release series may be found at: http://subversion.apache.org/docs/release-notes/1.6.html You can find the list of changes between 1.6.21 and earlier versions at: http://svn.apache.org/repos/asf/subversion/tags/1.6.21/CHANGES Questions, comments, and bug reports to users@subversion.apache.org. Thanks, - The Subversion Team