You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Evgeny Kotkov <ko...@apache.org> on 2016/04/28 17:02:30 UTC

[ANNOUNCE][SECURITY] Apache Subversion 1.8.16 released

I'm happy to announce the release of Apache Subversion 1.8.16.
Please choose the mirror closest to you by visiting:

    http://subversion.apache.org/download/#supported-releases

This release fixes two security issues:

    CVE-2016-2167:
    svnserve/sasl may authenticate users using the wrong realm.
    http://subversion.apache.org/security/CVE-2016-2167-advisory.txt

    CVE-2016-2168:
    Remotely triggerable DoS vulnerability in mod_authz_svn during
    COPY/MOVE authorization check.
    http://subversion.apache.org/security/CVE-2016-2168-advisory.txt

The SHA1 checksums are:

    9596643a2728c55a4e54ff38608fde09b27fa494 subversion-1.8.16.tar.bz2
    50d3004b57d714247158374694c9f06ba852e88a subversion-1.8.16.tar.gz
    5a23082a998133be85efd0b5b81ef91d6b87fdd5 subversion-1.8.16.zip

PGP Signatures are available at:

    http://www.apache.org/dist/subversion/subversion-1.8.16.tar.bz2.asc
    http://www.apache.org/dist/subversion/subversion-1.8.16.tar.gz.asc
    http://www.apache.org/dist/subversion/subversion-1.8.16.zip.asc

For this release, the following people have provided PGP signatures:

   Branko Čibej [4096R/A347943F] with fingerprint:
    BA3C 15B1 337C F0FB 222B  D41A 1BCA 6586 A347 943F
   Evgeny Kotkov [4096R/09F9FA74] with fingerprint:
    E7B2 A7F4 EC28 BE9F F8B3  8BA4 B64F FF12 09F9 FA74
   Ivan Zhakov [4096R/F6AD8147] with fingerprint:
    4829 8F0F E47F 4B8A 43FD  6525 919F 6F61 F6AD 8147
   Johan Corveleyn [4096R/010C8AAD] with fingerprint:
    8AA2 C10E EAAD 44F9 6972  7AEA B59C E6D6 010C 8AAD
   Philip Martin [2048R/ED1A599C] with fingerprint:
    A844 790F B574 3606 EE95  9207 76D7 88E1 ED1A 599C
   Stefan Fuhrmann [4096R/57921ACC] with fingerprint:
    056F 8016 D9B8 7B1B DE41  7467 99EC 741B 5792 1ACC
   Stefan Sperling [2048R/9A59B973] with fingerprint:
    8BC4 DAE0 C5A4 D65F 4044  0107 4F7D BAA9 9A59 B973

Release notes for the 1.8.x release series may be found at:

    http://subversion.apache.org/docs/release-notes/1.8.html

You can find the list of changes between 1.8.16 and earlier versions at:

    http://svn.apache.org/repos/asf/subversion/tags/1.8.16/CHANGES

Questions, comments, and bug reports to users@subversion.apache.org.

Thanks,
- The Subversion Team