DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:content-type:content-transfer-encoding:reply-to; q=dns; s=
	default; b=ksSXIVn1dlZCIz6a+X5ETuiB8mr9cWN8P1U03wlx9/9s0Wiixp7P1
	G0RRDNeJ/rEPkJh8iKmiPj6kEra7Mp2o9slgVaVTCdaTUSaaxdlfmO4b9EEQl8hJ
	K/TMrWCOPm4g7QLRHDqzjPtKAHqLP9Y/aSrljpnII/DuHiC2MZygN0=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Message-Id: <announce.551F2932.6090608@acm.org>
Date: Fri, 03 Apr 2015 16:58:42 -0700
From: David Rothenberger <daveroth AT acm DOT org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: [ANNOUNCEMENT] Updated: subversion-1.8.13-1
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Reply-To: cygwin AT cygwin DOT com

This release addresses 3 security issues.

  CVE-2015-0202: Subversion HTTP servers with FSFS repositories are
                 vulnerable to a remotely triggerable excessive memory
                 use with certain REPORT requests.
  CVE-2015-0248: Subversion mod_dav_svn and svnserve are vulnerable to a
                 remotely triggerable assertion DoS vulnerability for certain
                 requests with dynamically evaluated revision numbers
  CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author property
                 values for new revisions

For details see the advisories at:

    http://subversion.apache.org/security/CVE-2015-0202-advisory.txt
    http://subversion.apache.org/security/CVE-2015-0248-advisory.txt
    http://subversion.apache.org/security/CVE-2015-0251-advisory.txt

NEWS:
=====
See CHANGES (URL below) for more information about the differences
between 1.8.0 and previous Subversion releases.

IMPORTANT: Please read the release notes (URL below) before
upgrading from a previous major release. 1.8 includes a new working
copy format with a manual upgrade operation. This will render your
working copy unusable with previous major releases. Furthermore,
there are some issues trying to upgrade corrupt working copies.

Please see the release notes

  http://subversion.apache.org/docs/release-notes/1.8.html

for more details about the changes in Subversion.

See

  http://svn.apache.org/repos/asf/subversion/tags/1.8.13/CHANGES

for more details about the changes in 1.8.13.

This release changes mod_dav_svn to no longer map requests to the local
filesystem.  Administrators of mod_dav_svn servers should read the
section about this in the release notes:
    http://subversion.apache.org/docs/release-notes/1.8.html#mod_dav_svn-fsmap

DESCRIPTION:
============
Subversion is a version control system designed to be a compelling
successor to CVS.

Please see 

  http://svnbook.red-bean.com/nightly/en/index.html

for the latest official release of the Subversion Book.

QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

-- 
David Rothenberger  ----  daveroth AT acm DOT org

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple