X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:from:message-id:date:mime-version
	:content-type:content-transfer-encoding:reply-to; q=dns; s=
	default; b=JSW6XW0AeCf2XOcqVVXhhtxe4mJxylOkwKx8Y4OnPelx9O2gvbSw6
	SR3TpNEp9Y73YspaUPfURyBruNywEYy+xjyQ91jHsmUSWsvT0bd8vdJe8nXW0WqN
	Bj1M7YJVMn2lh2tzPW3IbHvCsk6UPCQn+jgjWQ5eprwvlArrxW75GU=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:from:message-id:date:mime-version
	:content-type:content-transfer-encoding:reply-to; s=default; bh=
	uqgYB+n+NS5qd5SKy0Zc6iWX8gg=; b=Fo8prDUxvmLigtlnAbIsy/1WqJGSysuX
	przPKjbs1LjUmKYC/pQM+yu1XRbZpmrSLBfESZebCwaR30IgV56e7jOPjK+uCOz1
	cSjAUz5b7/ih3/4hrtFJUDPT9A2YkbTcBSPzKmIB+cd5iUseLFrhaN/A1qGuj9b+
	TSIcHLfL5pk=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-HELO: localhost.localdomain
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.5 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE,SPF_SOFTFAIL autolearn=no version=3.3.2 spammy=SECURITY, authorization, Book, subversion
Subject: [ANNOUNCEMENT] [SECURITY] Updated: subversion-1.9.4-1
To: cygwin AT cygwin DOT com
From: David Rothenberger <daveroth AT acm DOT org>
Message-Id: <announce.959848ba-10e2-0dc2-f11b-ec3520e8d75d@acm.org>
Date: Sat, 30 Apr 2016 13:01:21 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Reply-To: cygwin AT cygwin DOT com

SECURITY:
=========
This release fixes two security issues:

    CVE-2016-2167:
    svnserve/sasl may authenticate users using the wrong realm.
    http://subversion.apache.org/security/CVE-2016-2167-advisory.txt

    CVE-2016-2168:
    Remotely triggerable DoS vulnerability in mod_authz_svn during
    COPY/MOVE authorization check.
    http://subversion.apache.org/security/CVE-2016-2168-advisory.txt


NEWS:
=====
Please see the release notes

  http://subversion.apache.org/docs/release-notes/1.9.html

for more details about the changes in Subversion.

See

  http://svn.apache.org/repos/asf/subversion/tags/1.9.4/CHANGES

for more details about the changes in 1.9.4.


DESCRIPTION:
============
Subversion is a version control system designed to be a compelling
successor to CVS.

Please see 

  http://svnbook.red-bean.com/nightly/en/index.html

for the latest official release of the Subversion Book.

QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple