Debian Bug report logs - #711033
CVE-2013-2112 CVE-2013-1968

version graph

Package: subversion; Maintainer for subversion is Peter Samuelson <peter@p12n.org>; Source for subversion is src:subversion.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 4 Jun 2013 07:42:01 UTC

Severity: grave

Tags: patch, security

Fixed in versions subversion/1.6.17dfsg-4+deb7u3, subversion/1.7.9-1+nmu2, subversion/1.6.12dfsg-7

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Peter Samuelson <peter@p12n.org>:
Bug#711033; Package subversion. (Tue, 04 Jun 2013 07:42:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Peter Samuelson <peter@p12n.org>. (Tue, 04 Jun 2013 07:42:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: subversion: CVE-2013-2112
Date: Tue, 04 Jun 2013 09:38:46 +0200
Package: subversion
Severity: grave
Tags: security
Justification: user security hole

Please see
http://subversion.apache.org/security/CVE-2013-2112-advisory.txt

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Peter Samuelson <peter@p12n.org>:
Bug#711033; Package subversion. (Tue, 04 Jun 2013 08:06:21 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Peter Samuelson <peter@p12n.org>. (Tue, 04 Jun 2013 08:06:21 GMT) Full text and rfc822 format available.

Message #10 received at 711033@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 711033@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: subversion: CVE-2013-2112
Date: Tue, 4 Jun 2013 10:04:21 +0200
retitle 711033 CVE-2013-2112 CVE-2013-1968
thanks

On Tue, Jun 04, 2013 at 09:38:46AM +0200, Moritz Muehlenhoff wrote:
> Package: subversion
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Please see
> http://subversion.apache.org/security/CVE-2013-2112-advisory.txt

Additional issue:
http://subversion.apache.org/security/CVE-2013-1968-advisory.txt



http://subversion.apache.org/security/CVE-2013-2088-advisory.txt doesn't
affect the Debian packages, the affected scripts are not installed.

Cheers,
        Moritz



Changed Bug title to 'CVE-2013-2112 CVE-2013-1968' from 'subversion: CVE-2013-2112' Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Tue, 04 Jun 2013 08:06:23 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Peter Samuelson <peter@p12n.org>:
Bug#711033; Package subversion. (Wed, 05 Jun 2013 21:06:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Peter Samuelson <peter@p12n.org>. (Wed, 05 Jun 2013 21:06:04 GMT) Full text and rfc822 format available.

Message #17 received at 711033@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 711033@bugs.debian.org
Subject: Re: Bug#711033: subversion: CVE-2013-2112 and CVE-2013-1968
Date: Wed, 5 Jun 2013 23:02:21 +0200
Hi Peter

Did you had already a chance to look at CVE-2013-2112 and
CVE-2013-1968? Are you working on updated packages?

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Peter Samuelson <peter@p12n.org>:
Bug#711033; Package subversion. (Sun, 09 Jun 2013 08:33:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Peter Samuelson <peter@p12n.org>. (Sun, 09 Jun 2013 08:33:07 GMT) Full text and rfc822 format available.

Message #22 received at 711033@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 711033@bugs.debian.org
Subject: subversion: diff for NMU version 1.7.9-1+nmu2
Date: Sun, 9 Jun 2013 10:29:56 +0200
[Message part 1 (text/plain, inline)]
tags 711033 + patch
tags 711033 + pending
thanks

Dear maintainer,

I've prepared an NMU for subversion (versioned as 1.7.9-1+nmu2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
[subversion-1.7.9-1+nmu2-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 09 Jun 2013 08:33:10 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 09 Jun 2013 08:33:11 GMT) Full text and rfc822 format available.

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 09 Jun 2013 11:19:51 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 09 Jun 2013 11:19:51 GMT) Full text and rfc822 format available.

Message #31 received at 711033-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 711033-close@bugs.debian.org
Subject: Bug#711033: fixed in subversion 1.6.17dfsg-4+deb7u3
Date: Sun, 09 Jun 2013 11:17:09 +0000
Source: subversion
Source-Version: 1.6.17dfsg-4+deb7u3

We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711033@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated subversion package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 05 Jun 2013 23:12:33 +0200
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn python-subversion subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 libsvn-ruby
Architecture: source all amd64
Version: 1.6.17dfsg-4+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Salvatore Bonaccorso <carnil@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libapache2-svn - Subversion server modules for Apache
 libsvn-dev - Development files for Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Subversion
 libsvn-perl - Perl bindings for Subversion
 libsvn-ruby - Ruby bindings for Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Subversion
 libsvn1    - Shared libraries used by Subversion
 python-subversion - Python bindings for Subversion
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Subversion
Closes: 711033
Changes: 
 subversion (1.6.17dfsg-4+deb7u3) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-1968.patch patch.
     CVE-2013-1968: Subversion FSFS repositories can be corrupted by newline
     characters in filenames. (Closes: #711033)
   * Add CVE-2013-2112.patch patch.
     CVE-2013-2112: Fix remotely triggerable DoS vulnerability. (Closes: #711033)
Checksums-Sha1: 
 fe1963706152ec8629929c13c8e02c811f3ae1ad 2941 subversion_1.6.17dfsg-4+deb7u3.dsc
 e353f97fdeb6aefa37c6db45e8c22c4205cef4b7 7757112 subversion_1.6.17dfsg.orig.tar.gz
 1a3007ee3e7105f71b5dab72ee7d244f7af04f0b 113574 subversion_1.6.17dfsg-4+deb7u3.diff.gz
 b136aa9036c966fbee84b368388d4e7f9b9391e8 2084032 libsvn-doc_1.6.17dfsg-4+deb7u3_all.deb
 ad25abf916be9e4078e304be462eccc07ffe7b59 225100 subversion-tools_1.6.17dfsg-4+deb7u3_all.deb
 ebf4688c55bb09dd163ad8b3bf34a4e6155039fd 764 libsvn-ruby_1.6.17dfsg-4+deb7u3_all.deb
 71d680847bb6d2f1dc5bf44a83862ed3a7dcabf2 1320680 subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 15c4592eb39f906d43e6d4ba5b314a967cfe3bc9 935602 libsvn1_1.6.17dfsg-4+deb7u3_amd64.deb
 425e1f943fc411d0d6ca82efeb81beb6c3ef5689 1423756 libsvn-dev_1.6.17dfsg-4+deb7u3_amd64.deb
 b8ce49f95ffc1bf4a0ed5dcd3376d5297cfc2a22 172954 libapache2-svn_1.6.17dfsg-4+deb7u3_amd64.deb
 7a33334336e5d6ee55116f3eafa6e7ed8d2f975e 1339950 python-subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 92661e18c4f5bd8d55de3352f6691df696ef7b63 306454 libsvn-java_1.6.17dfsg-4+deb7u3_amd64.deb
 d6f400fe76d0950fd89ad755ab1888ba442a9fe5 1082472 libsvn-perl_1.6.17dfsg-4+deb7u3_amd64.deb
 07251cf91232328dccf20dfc77843812e070ed4d 629674 libsvn-ruby1.8_1.6.17dfsg-4+deb7u3_amd64.deb
Checksums-Sha256: 
 b4c56452834133c774aa76b991c00f206e0cf507d8991933edc1575ac9326084 2941 subversion_1.6.17dfsg-4+deb7u3.dsc
 45a8a067b65cfe5326f9676f991d82f39d67f8309c35e58f67e689eb702679d0 7757112 subversion_1.6.17dfsg.orig.tar.gz
 6b366ef037c7d57222ab14b5196a125a4f6da59bbad8dde6d681464539643cf0 113574 subversion_1.6.17dfsg-4+deb7u3.diff.gz
 f0385a93b259269d554920b3c161f457a348d8ed0e4762f369a59bbe12958b4a 2084032 libsvn-doc_1.6.17dfsg-4+deb7u3_all.deb
 afc88b9a88744a64920ee13c7841394bad39ce752f5465efc0fd8a8863526516 225100 subversion-tools_1.6.17dfsg-4+deb7u3_all.deb
 589504e228c1189b870ce8b7a24098b6ab2e80f9d4a3abe43a09114988d85cb6 764 libsvn-ruby_1.6.17dfsg-4+deb7u3_all.deb
 54fa12c03ce7551040f9e266055076ec5b1c4c16bc2fe0fab3b54b407523b6b4 1320680 subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 8a3ce8292aeff58afd6476efb2328e5acd07f3dc20ee05b89d16c0330abf8196 935602 libsvn1_1.6.17dfsg-4+deb7u3_amd64.deb
 acdf7469f6bac5caaaf897c1d7fe203263a9406b94d2300376e67cace00a08fc 1423756 libsvn-dev_1.6.17dfsg-4+deb7u3_amd64.deb
 ef509fbcb87d13484a67891c2e31bb3b7fa780b47a02b85d479e8b92e396b283 172954 libapache2-svn_1.6.17dfsg-4+deb7u3_amd64.deb
 24b06f22a330f1957dff530bfd5a8ee6825081b0b52e2ab007c455a1265a0281 1339950 python-subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 bf397144db27968bc0eb382f50e66d369250699a518cc00eb7e1cd924a872eac 306454 libsvn-java_1.6.17dfsg-4+deb7u3_amd64.deb
 4c5f140ab27d8bc4502489b90a3813fe27f934fba9b5a274c257dc726b5c5a73 1082472 libsvn-perl_1.6.17dfsg-4+deb7u3_amd64.deb
 38af4405c2a899ed8944fb088c11374ddcb710fc902e0053f986795106091470 629674 libsvn-ruby1.8_1.6.17dfsg-4+deb7u3_amd64.deb
Files: 
 8fe137770077449c231af4728a960da0 2941 vcs optional subversion_1.6.17dfsg-4+deb7u3.dsc
 2bb85bcf6f1fb1ccec11dc2b4c89463b 7757112 vcs optional subversion_1.6.17dfsg.orig.tar.gz
 fb89280d3bd228235c160eca173f44b8 113574 vcs optional subversion_1.6.17dfsg-4+deb7u3.diff.gz
 098cff68a9af1f1df20d7beb38a5d5da 2084032 doc extra libsvn-doc_1.6.17dfsg-4+deb7u3_all.deb
 7f3b20b4eb96173e28de09374f955b78 225100 vcs extra subversion-tools_1.6.17dfsg-4+deb7u3_all.deb
 2141a28a1a107c2bb5f5d8c3be5e71af 764 ruby optional libsvn-ruby_1.6.17dfsg-4+deb7u3_all.deb
 7a664ee8c25ed82ddfdb832162f6cb47 1320680 vcs optional subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 f456cb6cce4904cd31954836304b8330 935602 vcs optional libsvn1_1.6.17dfsg-4+deb7u3_amd64.deb
 96f6624c5bbf8be9d8492a8f866e566d 1423756 libdevel extra libsvn-dev_1.6.17dfsg-4+deb7u3_amd64.deb
 c4b58ccded6b526716d9f36c549fc09e 172954 httpd optional libapache2-svn_1.6.17dfsg-4+deb7u3_amd64.deb
 01add55473f7910e8e21c35ff96c9ed7 1339950 python optional python-subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 8108251f1a1234a5f8a78da977755496 306454 java optional libsvn-java_1.6.17dfsg-4+deb7u3_amd64.deb
 a517619f9d04bd65e0991240aa609414 1082472 perl optional libsvn-perl_1.6.17dfsg-4+deb7u3_amd64.deb
 34e63f4905572264a26b4f623f7535c6 629674 ruby optional libsvn-ruby1.8_1.6.17dfsg-4+deb7u3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRsXdwAAoJEHidbwV/2GP+JYcP/3sG9XWBuUUSVrZLylTOVzvR
v9DxXsZjc1u1WX3yJBk8y5XujaamMF+lygpqtOY6D9diUxkpxqzAmArqM2hnnD8U
nfUBTIo5c7kVRVTPfi3Qb/kezq/dUu+J3c/3q8MkhdslOT7TEf/7tjVm/tuKMeIR
g79Q88SUqqhjKHSoOJV52b0WHFnUEkr+4+jVEC/ebBaNjXu6pZKZi6plNNr+/6dz
ZdFmxAEurqG4lFnzRXhQTRLhEJy520VfoQBSAgBQKT3BFwcx4sFRogaBxdFTG+fB
IqLrlYnJL6KKG7xs8/uQpHfMkHBV8dHciR+c435O+G3NF6kVnYNwkXhqxjNvg4eZ
V38zWaPddFcSDvZccSgSP90sbM6eJxMuLaMnSgTlAryIhkYMoHcuWGOQYkAj0sGF
undT0xBVRZCMh61j+E4xk1mSn0vYkMrwSYSPjsmVjuI8LTbLdAozDlcnBwpqCrWp
CNyuVEk+WURK96gwAoP2/k4FLYCdqh9v8Arysk22OuJC0UmHnt1U0mXg8hDY6ZoC
tS5naecFHr6LF7lu6jhGIZ7HhsJT88cMYgRWRrcWvo2V0i8bxywfbvHZ0C1K5qSR
0JurMoPXinZgV4JDX6Q/S3Qjpw6/8iNbteZ5nRLiCsCIRxtv6lsLo9ja63E6d0ir
mkXv67KXHGhjrJgwjYH5
=Sfsw
-----END PGP SIGNATURE-----




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Tue, 11 Jun 2013 09:24:12 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 11 Jun 2013 09:24:12 GMT) Full text and rfc822 format available.

Message #36 received at 711033-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 711033-close@bugs.debian.org
Subject: Bug#711033: fixed in subversion 1.7.9-1+nmu2
Date: Tue, 11 Jun 2013 09:21:21 +0000
Source: subversion
Source-Version: 1.7.9-1+nmu2

We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711033@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated subversion package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 06 Jun 2013 13:14:52 +0200
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn python-subversion subversion-tools libsvn-java libsvn-perl ruby-svn libsvn-ruby1.8 libsvn-ruby
Architecture: source all amd64
Version: 1.7.9-1+nmu2
Distribution: unstable
Urgency: high
Maintainer: Salvatore Bonaccorso <carnil@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libapache2-svn - Apache Subversion server modules for Apache httpd
 libsvn-dev - Development files for Apache Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Apache Subversion
 libsvn-perl - Perl bindings for Apache Subversion
 libsvn-ruby - Ruby bindings for Apache Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Apache Subversion (dummy package)
 libsvn1    - Shared libraries used by Apache Subversion
 python-subversion - Python bindings for Apache Subversion
 ruby-svn   - Ruby bindings for Apache Subversion
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Apache Subversion
Closes: 711033
Changes: 
 subversion (1.7.9-1+nmu2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Add CVE-2013-1968.patch patch.
     CVE-2013-1968: Subversion FSFS repositories can be corrupted by newline
     characters in filenames. (Closes: #711033)
   * Add CVE-2013-2112.patch patch.
     CVE-2013-2112: Fix remotely triggerable DoS vulnerability. (Closes: #711033)
Checksums-Sha1: 
 fea83039ab819aae492a964680a4fca4584235df 2911 subversion_1.7.9-1+nmu2.dsc
 9e0faf630d22110927e9dc6d846cba1376565b9e 232203 subversion_1.7.9-1+nmu2.diff.gz
 ab3d142210b51e030745989153cbdf2bb0b3528f 2575800 libsvn-doc_1.7.9-1+nmu2_all.deb
 c51a9181c1e61888cccc866c9b81dd7dca070044 285880 subversion-tools_1.7.9-1+nmu2_all.deb
 e8e4c6d6bc9abf0cb41ebd4d8793458a238a9ff0 804 libsvn-ruby1.8_1.7.9-1+nmu2_all.deb
 494f9a9fc2b7e26fd0cf89bd35be1e866c1c60e7 798 libsvn-ruby_1.7.9-1+nmu2_all.deb
 e8bd219ec35f6f0cfc95fabe1f5f379793e32440 1296158 subversion_1.7.9-1+nmu2_amd64.deb
 0511e1af6332b30ffbd1435a6804db2367663563 1188364 libsvn1_1.7.9-1+nmu2_amd64.deb
 8dffb998244e891901f3edc6d91b3f35b7f12f42 1678682 libsvn-dev_1.7.9-1+nmu2_amd64.deb
 f1ab5236db1fea25befcf8d16e2772a887925c00 189282 libapache2-svn_1.7.9-1+nmu2_amd64.deb
 dff6a29dbb49be6bede3e89b2a37c189e254f4dc 884906 python-subversion_1.7.9-1+nmu2_amd64.deb
 a12f014623694c7d5f744507e194a56e7fea7337 361782 libsvn-java_1.7.9-1+nmu2_amd64.deb
 6b69d327fb5d1d78582279f664d88a9fe9ac0a67 1276636 libsvn-perl_1.7.9-1+nmu2_amd64.deb
 e36b1a7a19979e091d6bd140695fc2757ddf33ea 723874 ruby-svn_1.7.9-1+nmu2_amd64.deb
Checksums-Sha256: 
 4739fde7b076ce288ab79ef41c7025a82a26b024c2dc48025b191a369f95248e 2911 subversion_1.7.9-1+nmu2.dsc
 91207fd70da20be7b3e2514f511731c483bc11915b0947e6e890e63be8f6e3da 232203 subversion_1.7.9-1+nmu2.diff.gz
 c3670faca52987b914c5babe85289d8e05677853e940b93e631740b2c499b0fc 2575800 libsvn-doc_1.7.9-1+nmu2_all.deb
 d8c5ef234fd9ce5de62dbd005739a6c4bba95621c3991a2fbaa6b9545917ab6c 285880 subversion-tools_1.7.9-1+nmu2_all.deb
 86f6b7319b42fa7e7806cfbcfb19ee10d4757fbb4e0097cc438ef1e1f278c67b 804 libsvn-ruby1.8_1.7.9-1+nmu2_all.deb
 fb0e21c3dc26ae9c69c8ae23aba50ec814e84bcbd39ba2b980a2ba34f5839c09 798 libsvn-ruby_1.7.9-1+nmu2_all.deb
 c033867264055c59cf3462db7dc835b7368b351fca38cb73f56b828db7b77548 1296158 subversion_1.7.9-1+nmu2_amd64.deb
 c673f43dbc1af859d9d57b76ef62e54a88f78b650df538c330099075978edc8c 1188364 libsvn1_1.7.9-1+nmu2_amd64.deb
 7df0fa614053fa121a32e7a00e3254dad942388e032e6c36ccbc94ac44e5a1d8 1678682 libsvn-dev_1.7.9-1+nmu2_amd64.deb
 6ce2b32bd479a129d80d2616eb90ef7af41575c729e194a305ae5a3a521563a7 189282 libapache2-svn_1.7.9-1+nmu2_amd64.deb
 ee74bd0ef66540194048bcfdd8de4675abe97060a1515444f63ede01d0c3ea55 884906 python-subversion_1.7.9-1+nmu2_amd64.deb
 90eeef43a3e16d1328f9d4b5e823903bc855fd27840d208bc3851512bf87ba22 361782 libsvn-java_1.7.9-1+nmu2_amd64.deb
 72ccbe9a1cef27ccfc2b93aeca2ce5af2f90c77451b2d7c28d94586711ec4db5 1276636 libsvn-perl_1.7.9-1+nmu2_amd64.deb
 3c8d04d9311d4e781d4260f750fb0c8498763d4ff7c6bfb19eb1989b1b5a4a62 723874 ruby-svn_1.7.9-1+nmu2_amd64.deb
Files: 
 4f878002f64e8372621a159bb31f9506 2911 vcs optional subversion_1.7.9-1+nmu2.dsc
 f4a36d1b41b55b72386d43f852528bf0 232203 vcs optional subversion_1.7.9-1+nmu2.diff.gz
 52e02c9e0d796c7f27c93e553202dd46 2575800 doc extra libsvn-doc_1.7.9-1+nmu2_all.deb
 4773fc156beb13fcabbc4fe954e37a02 285880 vcs extra subversion-tools_1.7.9-1+nmu2_all.deb
 1746ee6cbd14fbf688cc52b9368938f0 804 oldlibs extra libsvn-ruby1.8_1.7.9-1+nmu2_all.deb
 365c26678483e6edc2e5409575cfd645 798 oldlibs extra libsvn-ruby_1.7.9-1+nmu2_all.deb
 28c2d65efb6c81a1785456fb0d014387 1296158 vcs optional subversion_1.7.9-1+nmu2_amd64.deb
 ad15e75e97470d50e8ee0ee45eaf3ca2 1188364 libs optional libsvn1_1.7.9-1+nmu2_amd64.deb
 a083872f571c301f82d954a3ec3e2063 1678682 libdevel extra libsvn-dev_1.7.9-1+nmu2_amd64.deb
 72936ffa392adcde3a2508f26ad93430 189282 httpd optional libapache2-svn_1.7.9-1+nmu2_amd64.deb
 fa74de19e7c5ec2fe3841d5ff0a0627f 884906 python optional python-subversion_1.7.9-1+nmu2_amd64.deb
 7ae0815ccb16f5ded4ce07a7d74c64cd 361782 java optional libsvn-java_1.7.9-1+nmu2_amd64.deb
 70b5f5712f7e7c88447ab3a02383ca5e 1276636 perl optional libsvn-perl_1.7.9-1+nmu2_amd64.deb
 22156375c2b07de9e9a4ae5a03116af5 723874 ruby optional ruby-svn_1.7.9-1+nmu2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRtDjoAAoJEHidbwV/2GP+WdkP/2Fh4tICvWiTnVwkVSLwwaOw
y/D+st7RkHW2rkCKWLUGekql7JnH/Io6+8Q8muHEwO0MoOGrLJ0kcAJIbaQJ0t5Z
mNSBuJwtqTiX240Zwf15CBkJTHgHP8yCGYWUBh2tawnLtATO0N5F29YTbbwbaVhV
79rlAHD9XQMWKn4GebYOgoK8pYb4w86dFx16AG9SzBdiL/F7U/fCUD+WGofEMyXe
aL1AD0ZXerxXOuqJIQTeA+ug62o3NVWR+Zf09H/+UlBaiL2pUJ+pSJ7wFaykwKNg
9mnQt6iyKRlzSGcf+ElS6/BIB+CA7uFhfvu8NgOTbOG8SwrPGilduKQHvEnYgOt/
iS0pEKSPNwF0wGL6pN2VMy8uVJbXW0gh5jy/9SVTL70du97pR5hdRBB9dxtp2dXl
+Sfe0G9/i8v+kqE5zLjp8mnR32iGWXNIgbnM6GfgM9ux/NeaRJ5EloGIEuThtaAF
w58mn8/ctQpsiMEcbUzdRs+TpRWk534VjfK1ADrLeTy/xbAxFgUhxjULRxiWc6L8
f2wjtpxIALBVNusChe07KcG/NQJMrwzVeTV8Fj/ox/9qzS0nlNhHbrF+Pde/VREn
J2ySOiydIVgfPhRHEHxFFsKPCyDgwGvtXg+VMDq99jQm0pTDFmVd9qFrpn1YU9wc
nQMmqXnWlYjUCaWkdvQO
=qtGr
-----END PGP SIGNATURE-----




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 16 Jun 2013 19:51:17 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 16 Jun 2013 19:51:17 GMT) Full text and rfc822 format available.

Message #41 received at 711033-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 711033-close@bugs.debian.org
Subject: Bug#711033: fixed in subversion 1.6.12dfsg-7
Date: Sun, 16 Jun 2013 19:47:26 +0000
Source: subversion
Source-Version: 1.6.12dfsg-7

We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711033@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated subversion package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 06 Jun 2013 09:06:48 +0200
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn python-subversion subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 libsvn-ruby
Architecture: source all amd64
Version: 1.6.12dfsg-7
Distribution: squeeze-security
Urgency: high
Maintainer: Salvatore Bonaccorso <carnil@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libapache2-svn - Subversion server modules for Apache
 libsvn-dev - Development files for Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Subversion
 libsvn-perl - Perl bindings for Subversion
 libsvn-ruby - Ruby bindings for Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Subversion
 libsvn1    - Shared libraries used by Subversion
 python-subversion - Python bindings for Subversion
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Subversion
Closes: 711033
Changes: 
 subversion (1.6.12dfsg-7) squeeze-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-1968.patch patch.
     CVE-2013-1968: Subversion FSFS repositories can be corrupted by newline
     characters in filenames. (Closes: #711033)
   * Add CVE-2013-2112.patch patch.
     CVE-2013-2112: Fix remotely triggerable DoS vulnerability. (Closes: #711033)
Checksums-Sha1: 
 af4993dbe498d9e3a124df6ab1bd42fd0b8f864e 2591 subversion_1.6.12dfsg-7.dsc
 460b0ef3f07b8af7e0f05d5ff52bf4373e1ad030 108990 subversion_1.6.12dfsg-7.diff.gz
 58d5d644a6a04a57e4daf1533dfb9ce07ba1bbf5 1962894 libsvn-doc_1.6.12dfsg-7_all.deb
 21a489d3dad020c1cfc64a22109703ef938d7951 221162 subversion-tools_1.6.12dfsg-7_all.deb
 c9ef86d9f283d28f2f3bdbe0c1e226948935f43d 760 libsvn-ruby_1.6.12dfsg-7_all.deb
 4aba7f05c234167c932aad69a9fb16b90e038390 1312924 subversion_1.6.12dfsg-7_amd64.deb
 a799fa498c5d167db565f9a134dcf7e23f7be61b 982180 libsvn1_1.6.12dfsg-7_amd64.deb
 f1e21f8a3c489dca04bc885808421a17feaa7e7b 1356302 libsvn-dev_1.6.12dfsg-7_amd64.deb
 22cda51835948e973ea914f6280fc2e32bcd3ec7 167100 libapache2-svn_1.6.12dfsg-7_amd64.deb
 fb8cc681fd02996d075daa49120d7de19126e34a 1323900 python-subversion_1.6.12dfsg-7_amd64.deb
 bf3be9c17cf5b83f0794d5e8e0775d5fd042be20 305190 libsvn-java_1.6.12dfsg-7_amd64.deb
 d211b72293fff4c3afe8e742681cf8e2a61ebfe5 1177650 libsvn-perl_1.6.12dfsg-7_amd64.deb
 754d6c00bd23df2f64ff70b95e05f309a13a0cf1 610346 libsvn-ruby1.8_1.6.12dfsg-7_amd64.deb
Checksums-Sha256: 
 ae992f7ffc1ed74e50cc5966446619be6b31d1288e04e0fbacf742dde8454505 2591 subversion_1.6.12dfsg-7.dsc
 fa83da301d6dcea99ab6975478771744dcd7f016242127a345cd463cbaf09a73 108990 subversion_1.6.12dfsg-7.diff.gz
 f3c632f446bcfa653d1c6d6a09f9eb085dfadc687b68b27537fde2ddb316416c 1962894 libsvn-doc_1.6.12dfsg-7_all.deb
 f7d0d500698e83e786ff54c6b9b0d26ec382975ae2879d31a22eff006496d294 221162 subversion-tools_1.6.12dfsg-7_all.deb
 2e0dbb50e562128f9cdc414ed0f4fe3cb9b4ca803db9d81953d4afe0bb804ac1 760 libsvn-ruby_1.6.12dfsg-7_all.deb
 0700a1cfd83e16cfe41cc3050ae7f166b3d9bf5714e96856f64ec4f52d7521c6 1312924 subversion_1.6.12dfsg-7_amd64.deb
 b9b9fba51a165e18cef3934bf6a6fa222d3a2737b124ff2af2eea21b3feed893 982180 libsvn1_1.6.12dfsg-7_amd64.deb
 d03b9854dc142bc076297817bca6325061bd4863fa04c1f8b629eccc5c1d6200 1356302 libsvn-dev_1.6.12dfsg-7_amd64.deb
 acf47d65dcb7a753cda24ebf9f2a1e9b5f583ae6bf944c2b8782f0a2f2c7ce4b 167100 libapache2-svn_1.6.12dfsg-7_amd64.deb
 95c6f89542dcdb6cc2271d23a69b1450ded97c5c666359ce01f7824812f3343a 1323900 python-subversion_1.6.12dfsg-7_amd64.deb
 bf62ddd5a20c96d43c36711554b6ff28393b2162e23160120566fb137b47d006 305190 libsvn-java_1.6.12dfsg-7_amd64.deb
 665a2eff7d0f70eb698c081734c5fa0859d6c49fffdb0f7f3b3f49ff92d58a0f 1177650 libsvn-perl_1.6.12dfsg-7_amd64.deb
 c0931757b43352c1b2a5aacc5a0be6784dd1c39924f5563206db9d501a37f5cb 610346 libsvn-ruby1.8_1.6.12dfsg-7_amd64.deb
Files: 
 57b981e048e576d19e56b5d13e5fad7c 2591 vcs optional subversion_1.6.12dfsg-7.dsc
 620ae7136d96070ab0efd06a073f7ac8 108990 vcs optional subversion_1.6.12dfsg-7.diff.gz
 d252c37d1ac6c6e6677133a12d4244c1 1962894 doc extra libsvn-doc_1.6.12dfsg-7_all.deb
 e6355c9a24fb537e10c9ee5b46d59942 221162 vcs extra subversion-tools_1.6.12dfsg-7_all.deb
 7809d1681046190627fbfe04980c96bb 760 ruby optional libsvn-ruby_1.6.12dfsg-7_all.deb
 003b755d40b58cb0dd446b00c6717e15 1312924 vcs optional subversion_1.6.12dfsg-7_amd64.deb
 f0f42ebdef1d53246d28e5709b4b5443 982180 vcs optional libsvn1_1.6.12dfsg-7_amd64.deb
 dc316b9495637159cea1a04396680bb7 1356302 vcs extra libsvn-dev_1.6.12dfsg-7_amd64.deb
 29829baf8b1d9855a04434b1f83b0f76 167100 httpd optional libapache2-svn_1.6.12dfsg-7_amd64.deb
 461ed1749213628c2df782f9e6d3a5e7 1323900 python optional python-subversion_1.6.12dfsg-7_amd64.deb
 845b48ee65a0703992a2d1ce6773e3fd 305190 java optional libsvn-java_1.6.12dfsg-7_amd64.deb
 90d0a00aec83ffd9775791a146184b6d 1177650 perl optional libsvn-perl_1.6.12dfsg-7_amd64.deb
 2a08f3df4633baa367806f872c5d87ac 610346 ruby optional libsvn-ruby1.8_1.6.12dfsg-7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRsb5JAAoJEHidbwV/2GP+IkUP/AvVMLIto6hIQiLsNeJQatDU
uVykL8kFl5OpVl+PFzhlWgPzP2LClks0kuw4pZhghudM/8gLknxgbF4hFlukoKR0
GzrV0VAENeFxoeXwnPd2LSBFdFULXOuP9EsNXEUy1EoT/NLuXIemIVQmuNyyRe2R
MmgKcwZ73pujSiFRwOVWCBA7xB0SZTuLtbZOZQrObsBumB9Fvw3jua9lLH6Oricl
IkEhI3diW+3LyIii+VvHb52bA2LuUfv3P4RPA7SrmoaLBhCEAtu5qPFNonlHYSeu
ZyxJuzXgGDSNj7tIrxCpartw2KMz5VUfEXTBYBvGwOcm/N0PSpS5HjyyNZjQ344L
0X1AJUeAVavQI1cd7anvku07NFQC+c8i/3dFtLk3q4+QaQI72EiD9IcDZEGnjZ2T
oxrjtnLcTNUGa/QQI4c8mM29/ZINafcqfSY0f+KW2QjAqjZqA6jUB1zJLPTaERg4
3lPvzxxuiCnM8M7y40lWwnYNyhnaYfq9hxqdwMCqnif45Qbq+x69H0qGleVSPnFC
Gu0lOYBB06OBEpvPUI6A5+yz9kQb3B+lKPfDEvoLGNHcsli38mLUFFiN6DBSDVwp
cpjpsrogZDZuD8Vvd9hj2z/8O+9k6EMRiNPDgjZkTiQ97MMZmFsYlbg1UVBqk8V8
yU1X8zTL1M7ezUrIxzLZ
=NWF+
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 31 Aug 2013 07:27:29 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 15:11:06 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.