-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.0 Source: subversion Binary: subversion, subversion-dbg, libsvn1, libsvn-dev, libsvn-doc, libapache2-mod-svn, libapache2-svn, python-subversion, subversion-tools, libsvn-java, libsvn-perl, ruby-svn, libsvn-ruby1.8 Architecture: any all Version: 1.8.13-1+deb9u1 Maintainer: Peter Samuelson <[email protected]> Uploaders: Troy Heber <[email protected]>, James McCoy <[email protected]> Homepage: http://subversion.apache.org/ Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-subversion/src/1.8.x/ Vcs-Svn: svn://anonscm.debian.org/pkg-subversion/src/1.8.x/ Testsuite: autopkgtest Build-Depends: debhelper (>= 8), libserf-dev (>= 1.2), zlib1g-dev, libapr1-dev, libaprutil1-dev, libdb5.3-dev, libsasl2-dev, apache2-dev (>= 2.4.16), dh-apache2, libsqlite3-dev (>= 3.7.12), libgnome-keyring-dev, libdbus-1-dev, kdelibs5-dev, quilt, doxygen, autotools-dev, autoconf, libtool-bin, swig, python-all-dev, perl, libperl-dev, ruby, ruby-dev, default-jdk, junit Build-Conflicts: libsvn-dev (<< 1.8~), ruby-test-unit Package-List: libapache2-mod-svn deb httpd optional arch=any libapache2-svn deb oldlibs extra arch=all libsvn-dev deb libdevel extra arch=any libsvn-doc deb doc extra arch=all libsvn-java deb java optional arch=any libsvn-perl deb perl optional arch=any libsvn-ruby1.8 deb oldlibs extra arch=all libsvn1 deb libs optional arch=any python-subversion deb python optional arch=any ruby-svn deb ruby optional arch=any subversion deb vcs optional arch=any subversion-dbg deb debug extra arch=any subversion-tools deb vcs extra arch=any Checksums-Sha1: 437cf662b7ed27d2254aa7ca334fdd74b49262ef 9326793 subversion_1.8.13.orig.tar.gz 32e574329a1782f9dc988a3b0d82a026048c4e44 288336 subversion_1.8.13-1+deb9u1.diff.gz Checksums-Sha256: 17e8900a877ac9f0d5ef437c20df437fec4eb2c5cb9882609d2277e2312da52c 9326793 subversion_1.8.13.orig.tar.gz d42184f5352f85fb304a8e469f3ebff64ddebb5a35bfc428f4cce32491b9b1a2 288336 subversion_1.8.13-1+deb9u1.diff.gz Files: 8065b3698d799507fb72dd7926ed32b6 9326793 subversion_1.8.13.orig.tar.gz b571f315c591ef68ddb32672c8a935c4 288336 subversion_1.8.13-1+deb9u1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJVy/mcXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5MUJGQkY0RDY5NTZCRDVERjdCNzJEMjNE RkU2OTFBRTMzMUJBM0RCAAoJEN/mka4zG6PbYMgQAMV7qJE2DBAKHSj+Aa50b/T1 oaurnwWjF9331hbNMyrCQo/QrH35akyiiVa5e0AssVclshZ7YUBXtsmW0CiLY90f 8vp9tbJlntYzygIIQqKmdIoD8kVfGgTNu8AWK4P8bF8SWYjq01NVQvJ8YuHCE7Sj FSk4cExhjO8IYKxeCyfbYo2yyXMutpytZ4Oqu60TS6AaNHAvzpVIY3OrLz5o4PO2 mSelSeNHcqcHG9Tsohd/BPC+eDuuCZXDttTCVuFA0JxKPcymqBgeYv84rfdrUOeb RLKOIm2PMplfl2vamqHhGkqKQRp7d2WUum2G2NMtZ15V1SqpNZ1qaBZ4Idh64X2Z tRir48eFNk0Ppd99p3LM1wXZmX/S4aWNbl9/L0CkEZAY28EkygWMr2gJn7DoYy07 r5b+UCeWp8ZmX20hW8v9Fud+1eFcaOYOzCVdMLftwrp+YyIY+IX4Vbf6Gn7Bb8CR sfjwJi0SbpS9Haj5KWvjIQdZOdV4hvHrp4AHc1wu9jCtSD9sos737L3wzx9NE/9r 1S7g/Mv7NEaqVZZ8yGMGJycdfxfuJ/BzBII32nEZego1sQqW/srXxGuVRDgJTXT6 2X80eGiEIRRn6N3Zdvm8B+4vLXq9wUzVpMhzQC35ddcl/OT0yGZMVMTzJmG9kjln GDwsqfUQyY9ljWbDSus9 =Moy1 -----END PGP SIGNATURE----- Changes: subversion (1.8.13-1+deb9u1) stretch; urgency=medium * Add (Build-)Depends on apache2 packages necessary for security fixes. * patches/CVE-2015-3814: Mixed anonymous/authenticated path-based authz with httpd 2.4 * patches/CVE-2015-3817: svn_repos_trace_node_locations() reveals path hidden by authz -- James McCoy <[email protected]> Wed, 12 Aug 2015 20:31:26 -0400
