You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Ben Reser <br...@apache.org> on 2014/08/11 17:52:26 UTC
Apache Subversion 1.8.10 released
I'm happy to announce the release of Apache Subversion 1.8.10.
This release addresses two security issues:
CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
CVE-2014-3528: credentials cached with svn may be sent to wrong server.
Please choose the mirror closest to you by visiting:
http://subversion.apache.org/download/#recommended-release
The SHA1 checksums are:
d6896d94bb53c1b4c6e9c5bb1a5c466477b19b2b subversion-1.8.10.tar.bz2
8e1e1e5fd97c3f575a81d66232c62dc902257a17 subversion-1.8.10.tar.gz
963637c9aac7f50b1b8d10a8918c57a88fb6844d subversion-1.8.10.zip
PGP Signatures are available at:
http://www.apache.org/dist/subversion/subversion-1.8.10.tar.bz2.asc
http://www.apache.org/dist/subversion/subversion-1.8.10.tar.gz.asc
http://www.apache.org/dist/subversion/subversion-1.8.10.zip.asc
For this release, the following people have provided PGP signatures:
Ben Reser [4096R/16A0DE01] with fingerprint:
19BB CAEF 7B19 B280 A0E2 175E 62D4 8FAD 16A0 DE01
Bert Huijben [4096R/CCC8E1DF] with fingerprint:
3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF
Branko Čibej [2048R/C8628501] with fingerprint:
8769 28CD 4954 EA74 87B6 B96C 29B8 92D0 C862 8501
Branko Čibej [4096R/A347943F] with fingerprint:
BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F
Ivan Zhakov [4096R/F6AD8147] with fingerprint:
4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147
Paul T. Burba [4096R/56F3D7BC] with fingerprint:
1A0F E7C6 B3C5 F8D4 D0C4 A20B 64DD C071 56F3 D7BC
Philip Martin [2048R/ED1A599C] with fingerprint:
A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
Stefan Fuhrmann [4096R/57921ACC] with fingerprint:
056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC
Stefan Sperling [2048R/9A59B973] with fingerprint:
8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973
Release notes for the 1.8.x release series may be found at:
http://subversion.apache.org/docs/release-notes/1.8.html
You can find the list of changes between 1.8.10 and earlier versions at:
http://svn.apache.org/repos/asf/subversion/tags/1.8.10/CHANGES
Questions, comments, and bug reports to users@subversion.apache.org.
Thanks,
- The Subversion Team
Re: Apache Subversion 1.8.10 released
Posted by Nico Kadel-Garcia <nk...@gmail.com>.
On Mon, Aug 11, 2014 at 11:52 AM, Ben Reser <br...@apache.org> wrote:
> I'm happy to announce the release of Apache Subversion 1.8.10.
>
> This release addresses two security issues:
> CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
> CVE-2014-3528: credentials cached with svn may be sent to wrong server.
>
> Please choose the mirror closest to you by visiting:
>
> http://subversion.apache.org/download/#recommended-release
For RHEL 6 users, or CentOS or Scientific Linux users, I've updated my
hooks for building Subversion 1.8 RPM.s at
https://github.com/nkadel/subversion-1.8.x-srpm. Look for tag
v1.8.10-0.1.
Note that these include only patches and spec files, not binary
tarballs. Get those from the relevant Apache repository. Repoforge
seems to be mildly active again, I'll take another shot at getting
these updates available there.
Nico Kadel-Garcia <nk...@gmail.com>
Re: Apache Subversion 1.8.10 released
Posted by Nico Kadel-Garcia <nk...@gmail.com>.
On Mon, Aug 11, 2014 at 11:52 AM, Ben Reser <br...@apache.org> wrote:
> I'm happy to announce the release of Apache Subversion 1.8.10.
>
> This release addresses two security issues:
> CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
> CVE-2014-3528: credentials cached with svn may be sent to wrong server.
>
> Please choose the mirror closest to you by visiting:
>
> http://subversion.apache.org/download/#recommended-release
For RHEL 6 users, or CentOS or Scientific Linux users, I've updated my
hooks for building Subversion 1.8 RPM.s at
https://github.com/nkadel/subversion-1.8.x-srpm. Look for tag
v1.8.10-0.1.
Note that these include only patches and spec files, not binary
tarballs. Get those from the relevant Apache repository. Repoforge
seems to be mildly active again, I'll take another shot at getting
these updates available there.
Nico Kadel-Garcia <nk...@gmail.com>