Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-5~bpo50+1]
-----BEGIN PGP SIGNED MESSAGE-----
On 2011-03-04 00:01, Michael Diers wrote:
> Dear mentors and backporters,
> I am looking for a sponsor for the new version 1.6.12dfsg-5~bpo50+1
> of my existing backport of package "subversion".
> The new version addresses the following issues, please see also the
> attached BSA draft notice:
> Subversion's mod_dav_svn Apache HTTPD server module will dereference
> a NULL pointer if a lock token is sent in a HTTP request by a
> Subversion client which has not authenticated to the server.
The security notice is to be called BSA-026, updated draft is attached.
Michael Diers, elego Software Solutions GmbH, http://www.elego.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
[ Please replace <Uploader> with your name and send the text as a
gpg inline signed mail to firstname.lastname@example.org. ]
Subject: [BSA-026] Security Update for subversion
<Uploader> uploaded new packages for subversion which fixed the
following security problems:
Subversion's mod_dav_svn Apache HTTPD server module will dereference
a NULL pointer if a lock token is sent in a HTTP request by a
Subversion client which has not authenticated to the server.
For the lenny-backports distribution the problems have been fixed in
For the stable distribution (squeeze) the problems have been fixed in
For the unstable distribution (sid) the problems have been fixed in
version 1.6.16dfsg-1. This version is expected to be migrated to the
testing distribution (wheezy) shortly.
If you don't use pinning (see ) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
We recommend to pin (in /etc/apt/preferences) the backports repository to
200 so that new versions of installed backports will be installed
Pin: release a=lenny-backports