X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :content-type:content-transfer-encoding:reply-to; q=dns; s= default; b=E1ZKXGnnMriDL1vWN65aXDsjIuXDskcs3ZWtEWdizqL4u9Di1KDDT F5lK8ZNHRyeSHGnnNHIbQrJjbeE7gRqjyTm58LaDK70IWwqjTRBfd7DsSJ89EQz/ hDFnPeSb4QBir3x/k04XAB0sKqb5Fb707QTLCi66HIh3TieSXVUeVU= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :content-type:content-transfer-encoding:reply-to; s=default; bh= wAnc0YawuzB8X8WVqFSP4bK5bOU=; b=gKsQ/LlHbwki7eAJrgSQ/TTRRS+oyiw9 5Yf039qrUHp+eudaNnbWQxvL8Fff4RgfhhEp8ilEEWbHM0OaJGyGYzY/3ujADkTb uv0PVj0mzyOIIM3aIapm54NAlG/0AnLJPvBIaSWhvm2VjxDS4K3IXKr3SZlYm1LI hVBncoJWi0c= Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-HELO: localhost.localdomain Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.5 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE,SPF_SOFTFAIL autolearn=no version=3.3.2 Message-Id: Date: Sun, 21 Dec 2014 08:07:35 -0800 From: David Rothenberger User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: cygwin@cygwin.com Subject: [ANNOUNCEMENT] [SECURITY] Updated: subversion-1.8.11-1 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Reply-To: cygwin@cygwin.com This release addresses two security issues: CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names. NEWS: ===== See CHANGES (URL below) for more information about the differences between 1.8.0 and previous Subversion releases. IMPORTANT: Please read the release notes (URL below) before upgrading from a previous major release. 1.8 includes a new working copy format with a manual upgrade operation. This will render your working copy unusable with previous major releases. Furthermore, there are some issues trying to upgrade corrupt working copies. Please see the release notes http://subversion.apache.org/docs/release-notes/1.8.html for more details about the changes in Subversion. See http://svn.apache.org/repos/asf/subversion/tags/1.8.11/CHANGES for more details about the changes in 1.8.11. This release changes mod_dav_svn to no longer map requests to the local filesystem. Administrators of mod_dav_svn servers should read the section about this in the release notes: http://subversion.apache.org/docs/release-notes/1.8.html#mod_dav_svn-fsmap DESCRIPTION: ============ Subversion is a version control system designed to be a compelling successor to CVS. Please see http://svnbook.red-bean.com/nightly/en/index.html for the latest official release of the Subversion Book. QUESTIONS: ========== If you want to make a point or ask a question the Cygwin mailing list is the appropriate place. -- David Rothenberger ---- daveroth@acm.org -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple