RE: [SECURITY] [DSA 3107-1] subversion security update

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>, "debian-security-announce@lists.debian.org" <debian-security-announce@lists.debian.org>
Subject: RE: [SECURITY] [DSA 3107-1] subversion security update
From: Herb Garcia <herb@mngeoservices.com>
Date: Sat, 27 Dec 2014 01:05:05 -0600
Message-id: <[🔎] E7D7BE6BD583B843AA01931BE33FB773F385B7AFE2@Exchangehost.ad.pcspeed.com>
In-reply-to: <87h9wqgor7.fsf@mid.deneb.enyo.de>
References: <87h9wqgor7.fsf@mid.deneb.enyo.de>

I can't get this update to upgrade using apt-get on wheezy. I also can't get the wheezy backport version to upgrade. I still have version 1.6.17dfsg-4+deb7u6, although ...deb7u8 apparently is the new current version.

Herb Garcia P.G.
President
Minnesota GeoServices, Inc.
40 Woodlynn Avenue
Little Canada, MN 55117
651-261-2072 cell
651-644-1571 work
651-645-7854 fax
herb@mngeoservices.com
www.mngeoservices.com

-----Original Message-----
From: Florian Weimer [mailto:fw@deneb.enyo.de] 
Sent: Saturday, December 20, 2014 12:28 PM
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 3107-1] subversion security update
Importance: High

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3107-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 20, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : subversion
CVE ID         : CVE-2014-3580
Debian Bug     : 773263

Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server.  A remote attacker could abuse this vulnerability for a denial of service.

For the stable distribution (wheezy), this problem has been fixed in version 1.6.17dfsg-4+deb7u7.

For the unstable distribution (sid), this problem has been fixed in version 1.8.10-5.

We recommend that you upgrade your subversion packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJUlcb3AAoJEL97/wQC1SS+MbYIAKE5phOjZkRQRFmmzGfgpens
RpM+I2mBJ1ghvHvd+3CIQsBjtIuzxgih+ekUYQ8YP5dOB1erV4cI3zMbjnv1x4ZC
ZxLxDNfPGQ3xmBNwAXT+ohkVturBrqZpvxz/vR4ms77mvOHo4Zm1r/WWHgs19Cnm
WgNGXTCz59HXmzFhsrmwWA0Ojr8lBEbr9t4hKeciq4QAdaMjvYoZhi9KaUMJh1K5
4ntIBP/KdaqlCTCb46w1QqG/bJ6lHv89DGX9GbKpM1PNCI6ejyVnU0CmEovDPTLs
evr91+DzT3CTTPOvGxeabcrhxun/xeNPdcxdwuayEHzx7OGU1OvhdFW6j/XIecU=
=3nn5
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/87h9wqgor7.fsf@mid.deneb.enyo.de

Reply to:

Prev by Date: Re: Testing needed for binutils security update
Next by Date: Upcoming stable point release (7.8)
Previous by thread: Bug#773861: RFS: signify-openbsd/7-1 [ITP] -- Lightweight cryptographic signing and verifying tool
Next by thread: Upcoming stable point release (7.8)
Index(es):
- Date
- Thread