X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:subject:from:message-id:date:mime-version :content-type:content-transfer-encoding:reply-to; q=dns; s= default; b=M7wBvI5ETX3g5dBVUFMoF5LBJuWkYTTUpslkuK4lWOsZiaKq7wOAJ a/Ou+rlNrtNZbKFSBls2vqfKq2NHdg7gxaBMo1+NOQ69q/Nz2O5VkmgPk6fgrbiv GLiTdmsUFokG4jhJPBFUJV2DRdm7kcdpxz+xotaYNu2mBBHGcZidAg= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:subject:from:message-id:date:mime-version :content-type:content-transfer-encoding:reply-to; s=default; bh= +7Ul2FkhPH8bm8gb3WECqj23RGU=; b=JNkjJyKRX40/V70jko/xbVomk+YaDa7I CKUxHh1X/w3+Xfk5TJB8EW6NrPffQ+SmirgfMB11X6G5lNEBoJTmSHKEe+rZ1ayp p4yMyu3s9K58JrEm3AT/yxcADXcl7Vr+fe4/pWqPfNniUqgjS38H96g3oyQlhEeS AkDG/gjmLfY= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-HELO: localhost.localdomain Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.5 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE,SPF_SOFTFAIL autolearn=no version=3.3.2 spammy=SECURITY, authorization, Book, furthermore To: cygwin AT cygwin DOT com Subject: [ANNOUNCEMENT] [SECURITY] Updated: subversion-1.8.16-1 From: David Rothenberger Message-Id: Date: Sat, 30 Apr 2016 13:02:23 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.0 MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Reply-To: cygwin AT cygwin DOT com SECURITY: ========= This release fixes two security issues: CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm. http://subversion.apache.org/security/CVE-2016-2167-advisory.txt CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check. http://subversion.apache.org/security/CVE-2016-2168-advisory.txt NEWS: ===== See CHANGES (URL below) for more information about the differences between 1.8.0 and previous Subversion releases. IMPORTANT: Please read the release notes (URL below) before upgrading from a previous major release. 1.8 includes a new working copy format with a manual upgrade operation. This will render your working copy unusable with previous major releases. Furthermore, there are some issues trying to upgrade corrupt working copies. Please see the release notes http://subversion.apache.org/docs/release-notes/1.8.html for more details about the changes in Subversion. See http://svn.apache.org/repos/asf/subversion/tags/1.8.16/CHANGES for more details about the changes in 1.8.16. This release changes mod_dav_svn to no longer map requests to the local filesystem. Administrators of mod_dav_svn servers should read the section about this in the release notes: http://subversion.apache.org/docs/release-notes/1.8.html#mod_dav_svn-fsmap DESCRIPTION: ============ Subversion is a version control system designed to be a compelling successor to CVS. Please see http://svnbook.red-bean.com/nightly/en/index.html for the latest official release of the Subversion Book. QUESTIONS: ========== If you want to make a point or ask a question the Cygwin mailing list is the appropriate place. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple