Posted to commits@subversion.apache.org by ko...@apache.org on 2016/04/21 11:13:53 UTC

svn commit: r1740263 - /subversion/trunk/CHANGES

Author: kotkov
Date: Thu Apr 21 09:13:53 2016
New Revision: 1740263

URL: http://svn.apache.org/viewvc?rev=1740263&view=rev
Log:
* CHANGES: List CVE-2015-5259 and CVE-2015-5343.

Modified:
    subversion/trunk/CHANGES

Modified: subversion/trunk/CHANGES
URL: http://svn.apache.org/viewvc/subversion/trunk/CHANGES?rev=1740263&r1=1740262&r2=1740263&view=diff
==============================================================================
--- subversion/trunk/CHANGES (original)
+++ subversion/trunk/CHANGES Thu Apr 21 09:13:53 2016
@@ -19,12 +19,16 @@ http://svn.apache.org/repos/asf/subversi
     * ra_local: disable zero-copy code path (r1718167)
 
   - Server-side bugfixes:
+    * mod_dav_svn: fix heap overflow with skel-encoded requests (CVE-2015-5343)
     * mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (issue #4602)
     * mod_dav_svn: fix display of process ID in cache statistics (r1709553)
     * mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests (r1687812)
     * svnadmin dump: preserve no-op changes (r1709388 et al, issue #4598)
     * fsfs: avoid unneeded I/O when opening transactions (r1715793)
 
+  - Client-side and server-side bugfixes:
+    * fix heap overflow in svn:// protocol parser (CVE-2015-5259)
+
   - Bindings bugfixes:
     * javahl: fix ABI incompatibilty with 1.8 (r1710104)
     * javahl: allow non-absolute paths in SVNClient.vacuum (r1710215, r1710290)
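
Review bot: The two added entries, the mod_dav_svn line under "Server-side bugfixes" and the line under the new "Client-side and server-side bugfixes" heading, cite only a CVE id, while the surrounding entries each carry a revision or issue reference such as (r1687812) or (issue #4602). Consider adding the fixing revision next to each CVE id so a reader can locate the change from CHANGES alone. The CVE-2015-5259 entry also has no component prefix, unlike the "mod_dav_svn:" and "fsfs:" entries around it; naming the affected component would match the list's style.
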
@@ -849,6 +853,7 @@ http://svn.apache.org/repos/asf/subversi
     * fix a segfault with old style text delta (r1618472 et al)
 
   - Server-side bugfixes:
+    * mod_dav_svn: fix heap overflow with skel-encoded requests (CVE-2015-5343)
     * fsfs: reduce memory allocation with Apache (r1591005 et al)
     * mod_dav_svn: emit first log items as soon as possible (r1666965 et al)
     * mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests (r1687812)
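
Review bot: Only CVE-2015-5343 is added to the "Server-side bugfixes" list in this second release section, although the log message names both CVEs and the first hunk also lists CVE-2015-5259. If the release described here contains the svn:// protocol parser fix as well, it needs the same "Client-side and server-side bugfixes" entry; if it does not, a sentence in the log message saying so would explain the asymmetry. As in the first hunk, the added line gives no revision reference, unlike the (r1687812) entry two lines below it.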