CVE redaction for 1.8.5 [bnc#850747]

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm:svn/subversion?expand=0&rev=155
2013-11-25 18:39:31 +00:00 · 2013-11-25 18:39:31 +00:00 · d1b55fb889
commit d1b55fb889
parent 9c1acfd1fe
2 changed files with 11 additions and 1 deletions
--- a/subversion.changes
+++ b/subversion.changes
@ -1,3 +1,8 @@
 -------------------------------------------------------------------
 Mon Nov 25 18:33:46 UTC 2013 - andreas.stieger@gmx.de
 - CVE redaction for 1.8.5 [bnc#850747]
 -------------------------------------------------------------------
 Mon Nov 25 08:00:00 UTC 2013 - andreas.stieger@gmx.de
@ -7,7 +12,11 @@ Mon Nov 25 08:00:00 UTC 2013 - andreas.stieger@gmx.de
 -------------------------------------------------------------------
 Mon Nov 25 00:00:00 UTC 2013 - andreas.stieger@gmx.de
- update to 1.8.5 [bnc#850747]
+- update to 1.8.5 [bnc#850747], addressing two security issues:
    * CVE-2013-4505: mod_dontdothat does not restrict requests from
                     serf clients.
    * CVE-2013-4558: mod_dav_svn assertion triggered by
                     autoversioning commits.
  - Client-side bugfixes:
    * fix externals that point at redirected locations
    * diff: fix assertion with move inside a copy
--- a/subversion.spec
+++ b/subversion.spec
@ -17,6 +17,7 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 # svn 1.8 supports ruby 1.8 >= 1.8.2 or 1.9.3 specifically. openSUSE 13.2 
 # has ruby 2.0 - Ruby bindings to be re-enabled when svn is ported to ruby 2.0
 %define with_ruby          0%{?suse_version} > 1110 && 0%{?suse_version} <= 1310