You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by st...@apache.org on 2015/08/05 23:10:24 UTC
svn commit: r1694331 - /subversion/trunk/CHANGES
Author: stsp
Date: Wed Aug 5 21:10:24 2015
New Revision: 1694331
URL: http://svn.apache.org/r1694331
Log:
* CHANGES: List CVE-2015-3184 and CVE-2015-3187.
Modified:
subversion/trunk/CHANGES
Modified: subversion/trunk/CHANGES
URL: http://svn.apache.org/viewvc/subversion/trunk/CHANGES?rev=1694331&r1=1694330&r2=1694331&view=diff
==============================================================================
--- subversion/trunk/CHANGES (original)
+++ subversion/trunk/CHANGES Wed Aug 5 21:10:24 2015
@@ -747,6 +747,9 @@ http://svn.apache.org/repos/asf/subversi
of user and revision after 'svn up' (r1680242)
- Server-side bugfixes:
+ * mod_authz_svn: do not leak information in mixed anonymous/authenticated
+ httpd (dav) configurations (CVE-2015-3184)
+ * do not leak paths that were hidden by path-based authz (CVE-2015-3187)
* mod_dav_svn: do not ignore skel parsing errors (r1658168)
* detect invalid svndiff data earlier (r1684077)
* prevent possible repository corruption on power/disk failures (r1680819)
@@ -1616,6 +1619,9 @@ http://svn.apache.org/repos/asf/subversi
non-deltas dumpfile (r1652182 et al.)
- Server-side bugfixes:
+ * mod_authz_svn: do not leak information in mixed anonymous/authenticated
+ httpd (dav) configurations (CVE-2015-3184)
+ * do not leak paths that were hidden by path-based authz (CVE-2015-3187)
* fix 'svnadmin recover' for pre-1.4 FSFS repositories (r1561419)
Developer-visible changes: