Subversion 1.6.13 security update
Bug #659362 reported by
Heimen Stoffels
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
subversion (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Karmic |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Unassigned | ||
Maverick |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: subversion
On October 1, Subversion 1.6.13 was released. It contains a security fix.
"Subversion 1.6.13, the latest stable version of Subversion, has been released. For more information, see the release announcement or the change log. Of note, this release addresses CVE-2010-3315, a security issue when using SVNPathAuthz short_circuit."
So either 1.6.13 must be thrown into the updates of 10.10 (which currently features 1.6.12) or 1.6.12 needs to be patched fixing the issue.
CVE References
visibility: | private → public |
Changed in subversion (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
To post a comment you must log in.
This is fixed in natty. Karmic, Lucid and Maverick still need to be fixed. Source is in main, binaries are in universe.