说三道四技术文摘-感悟人生的经典句子
说三道四 > 文档快照

Apache Subversion 1.7.9正式发布!

HTML文档下载 WORD文档下载 PDF文档下载
Apache Subversion是一个开放源码的版本控制系统,近日,Apache Subversion项目组发布了最新的Apache Subversion1.7.9版本,主要修复了几个安全问题。

Apache Subversion是一个开放源码的版本控制系统,近日,Apache Subversion项目组发布了最新的Apache Subversion1.7.9版本。

 

该版本主要修复了下面几个安全问题: 

  • CVE-2013-1845:属性更改时,mod_dav_svn过度使用内存
  • CVE-2013-1846:针对活动URL发起LOCK请求可导致mod_dav_svn崩溃
  • CVE-2013-1847:针对不存在的URL发起LOCK请求可导致mod_dav_svn崩溃
  • CVE-2013-1849:针对活动URL发起PROPFIND请求可导致mod_dav_svn崩溃
  • CVE-2013-1884:在限制范围外发起REPORT请求可导致mod_dav_svn崩溃

详细内容如下:

 User-visible changes  - Client-side bugfixes:    * improved error messages about svn:date and svn:author props. (r1440620)    * fix local_relpath assertion (issue #4257)    * fix memory leak in `svn log` over svn:// (r1458341)    * fix incorrect authz failure when using neon http library (issue #4332)    * fix segfault when using kwallet (r1421103)      - Server-side bugfixes:    * svnserve will log the replayed rev not the low-water rev. (r1461278)    * mod_dav_svn will omit some property values for activity urls (r1453780)    * fix an assertion in mod_dav_svn when acting as a proxy on / (issue #4272)    * improve memory usage when committing properties in mod_dav_svn (r1443929)    * fix svnrdump to load dump files with non-LF line endings (issue #4263)    * fix assertion when rep-cache is inaccessible (r1422100)    * improved logic in mod_dav_svn's implementation of lock. (r1455352)    * avoid executing unnecessary code in log with limit (r1459599) Developer-visible changes:  - General:    * fix an assertion in dav_svn_get_repos_path() on Windows (r1425368)    * fix get-deps.sh to correctly download zlib (r13520131)    * doxygen docs will now ignore prefixes when producing the index (r1429201)    * fix get-deps.sh on freebsd (r1423646)  - Bindings:    * javahl status api now respects the ignoreExternals boolean (r1435361)

详细信息:http://subversion.apache.org/security/

下载地址:http://subversion.apache.org/

备案号:鲁ICP备13029499号-2 说三道四 www.s3d4.cn 说三道四技术文摘