Posted to commits@subversion.apache.org by st...@apache.org on 2015/08/05 23:10:24 UTC

svn commit: r1694331 - /subversion/trunk/CHANGES

Author: stsp
Date: Wed Aug  5 21:10:24 2015
New Revision: 1694331

URL: http://svn.apache.org/r1694331
Log:
* CHANGES: List CVE-2015-3184 and CVE-2015-3187.

Modified:
    subversion/trunk/CHANGES

Modified: subversion/trunk/CHANGES
URL: http://svn.apache.org/viewvc/subversion/trunk/CHANGES?rev=1694331&r1=1694330&r2=1694331&view=diff
==============================================================================
--- subversion/trunk/CHANGES (original)
+++ subversion/trunk/CHANGES Wed Aug  5 21:10:24 2015
@@ -747,6 +747,9 @@ http://svn.apache.org/repos/asf/subversi
       of user and revision after 'svn up' (r1680242)
 
   - Server-side bugfixes:
+    * mod_authz_svn: do not leak information in mixed anonymous/authenticated
+      httpd (dav) configurations (CVE-2015-3184)
+    * do not leak paths that were hidden by path-based authz (CVE-2015-3187)
     * mod_dav_svn: do not ignore skel parsing errors (r1658168)
     * detect invalid svndiff data earlier (r1684077)
     * prevent possible repository corruption on power/disk failures (r1680819)
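Review bot: the two entries added at the top of this server-side bugfix list cite only a CVE id, while every unchanged entry around them ends with the fixing revision, such as (r1658168) or (r1684077). Consider adding the revision or revisions that carried each fix next to the CVE id, in the form "(CVE-2015-3184, rNNNNNNN)" with the real revision in place of the placeholder, so an administrator can map the changelog line to the actual change.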
@@ -1616,6 +1619,9 @@ http://svn.apache.org/repos/asf/subversi
       non-deltas dumpfile (r1652182 et al.)
 
   - Server-side bugfixes:
+    * mod_authz_svn: do not leak information in mixed anonymous/authenticated
+      httpd (dav) configurations (CVE-2015-3184)
+    * do not leak paths that were hidden by path-based authz (CVE-2015-3187)
     * fix 'svnadmin recover' for pre-1.4 FSFS repositories (r1561419)
 
  Developer-visible changes:
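Review bot: the second added entry, "do not leak paths that were hidden by path-based authz (CVE-2015-3187)", names no component or operation, unlike the mod_authz_svn entry directly above it, so a reader cannot tell from the changelog which server setups the fix concerns. Suggest prefixing it with the affected component or describing where the hidden paths were exposed. The identical text is also added in the hunk at line 747, so any rewording should be applied to both copies.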