Bug#711033: marked as done (CVE-2013-2112 CVE-2013-1968)

[Debian Bug Tracking System]

Your message dated Sun, 09 Jun 2013 11:17:09 +0000
with message-id <e1uldct-0003iq...@franck.debian.org>
and subject line Bug#711033: fixed in subversion 1.6.17dfsg-4+deb7u3
has caused the Debian Bug report #711033,
regarding CVE-2013-2112 CVE-2013-1968
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
711033: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711033
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: subversion
Severity: grave
Tags: security
Justification: user security hole

Please see
http://subversion.apache.org/security/CVE-2013-2112-advisory.txt

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: subversion
Source-Version: 1.6.17dfsg-4+deb7u3

We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated subversion 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 05 Jun 2013 23:12:33 +0200
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn 
python-subversion subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 
libsvn-ruby
Architecture: source all amd64
Version: 1.6.17dfsg-4+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Salvatore Bonaccorso <car...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 libapache2-svn - Subversion server modules for Apache
 libsvn-dev - Development files for Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Subversion
 libsvn-perl - Perl bindings for Subversion
 libsvn-ruby - Ruby bindings for Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Subversion
 libsvn1    - Shared libraries used by Subversion
 python-subversion - Python bindings for Subversion
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Subversion
Closes: 711033
Changes: 
 subversion (1.6.17dfsg-4+deb7u3) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-1968.patch patch.
     CVE-2013-1968: Subversion FSFS repositories can be corrupted by newline
     characters in filenames. (Closes: #711033)
   * Add CVE-2013-2112.patch patch.
     CVE-2013-2112: Fix remotely triggerable DoS vulnerability. (Closes: 
#711033)
Checksums-Sha1: 
 fe1963706152ec8629929c13c8e02c811f3ae1ad 2941 
subversion_1.6.17dfsg-4+deb7u3.dsc
 e353f97fdeb6aefa37c6db45e8c22c4205cef4b7 7757112 
subversion_1.6.17dfsg.orig.tar.gz
 1a3007ee3e7105f71b5dab72ee7d244f7af04f0b 113574 
subversion_1.6.17dfsg-4+deb7u3.diff.gz
 b136aa9036c966fbee84b368388d4e7f9b9391e8 2084032 
libsvn-doc_1.6.17dfsg-4+deb7u3_all.deb
 ad25abf916be9e4078e304be462eccc07ffe7b59 225100 
subversion-tools_1.6.17dfsg-4+deb7u3_all.deb
 ebf4688c55bb09dd163ad8b3bf34a4e6155039fd 764 
libsvn-ruby_1.6.17dfsg-4+deb7u3_all.deb
 71d680847bb6d2f1dc5bf44a83862ed3a7dcabf2 1320680 
subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 15c4592eb39f906d43e6d4ba5b314a967cfe3bc9 935602 
libsvn1_1.6.17dfsg-4+deb7u3_amd64.deb
 425e1f943fc411d0d6ca82efeb81beb6c3ef5689 1423756 
libsvn-dev_1.6.17dfsg-4+deb7u3_amd64.deb
 b8ce49f95ffc1bf4a0ed5dcd3376d5297cfc2a22 172954 
libapache2-svn_1.6.17dfsg-4+deb7u3_amd64.deb
 7a33334336e5d6ee55116f3eafa6e7ed8d2f975e 1339950 
python-subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 92661e18c4f5bd8d55de3352f6691df696ef7b63 306454 
libsvn-java_1.6.17dfsg-4+deb7u3_amd64.deb
 d6f400fe76d0950fd89ad755ab1888ba442a9fe5 1082472 
libsvn-perl_1.6.17dfsg-4+deb7u3_amd64.deb
 07251cf91232328dccf20dfc77843812e070ed4d 629674 
libsvn-ruby1.8_1.6.17dfsg-4+deb7u3_amd64.deb
Checksums-Sha256: 
 b4c56452834133c774aa76b991c00f206e0cf507d8991933edc1575ac9326084 2941 
subversion_1.6.17dfsg-4+deb7u3.dsc
 45a8a067b65cfe5326f9676f991d82f39d67f8309c35e58f67e689eb702679d0 7757112 
subversion_1.6.17dfsg.orig.tar.gz
 6b366ef037c7d57222ab14b5196a125a4f6da59bbad8dde6d681464539643cf0 113574 
subversion_1.6.17dfsg-4+deb7u3.diff.gz
 f0385a93b259269d554920b3c161f457a348d8ed0e4762f369a59bbe12958b4a 2084032 
libsvn-doc_1.6.17dfsg-4+deb7u3_all.deb
 afc88b9a88744a64920ee13c7841394bad39ce752f5465efc0fd8a8863526516 225100 
subversion-tools_1.6.17dfsg-4+deb7u3_all.deb
 589504e228c1189b870ce8b7a24098b6ab2e80f9d4a3abe43a09114988d85cb6 764 
libsvn-ruby_1.6.17dfsg-4+deb7u3_all.deb
 54fa12c03ce7551040f9e266055076ec5b1c4c16bc2fe0fab3b54b407523b6b4 1320680 
subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 8a3ce8292aeff58afd6476efb2328e5acd07f3dc20ee05b89d16c0330abf8196 935602 
libsvn1_1.6.17dfsg-4+deb7u3_amd64.deb
 acdf7469f6bac5caaaf897c1d7fe203263a9406b94d2300376e67cace00a08fc 1423756 
libsvn-dev_1.6.17dfsg-4+deb7u3_amd64.deb
 ef509fbcb87d13484a67891c2e31bb3b7fa780b47a02b85d479e8b92e396b283 172954 
libapache2-svn_1.6.17dfsg-4+deb7u3_amd64.deb
 24b06f22a330f1957dff530bfd5a8ee6825081b0b52e2ab007c455a1265a0281 1339950 
python-subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 bf397144db27968bc0eb382f50e66d369250699a518cc00eb7e1cd924a872eac 306454 
libsvn-java_1.6.17dfsg-4+deb7u3_amd64.deb
 4c5f140ab27d8bc4502489b90a3813fe27f934fba9b5a274c257dc726b5c5a73 1082472 
libsvn-perl_1.6.17dfsg-4+deb7u3_amd64.deb
 38af4405c2a899ed8944fb088c11374ddcb710fc902e0053f986795106091470 629674 
libsvn-ruby1.8_1.6.17dfsg-4+deb7u3_amd64.deb
Files: 
 8fe137770077449c231af4728a960da0 2941 vcs optional 
subversion_1.6.17dfsg-4+deb7u3.dsc
 2bb85bcf6f1fb1ccec11dc2b4c89463b 7757112 vcs optional 
subversion_1.6.17dfsg.orig.tar.gz
 fb89280d3bd228235c160eca173f44b8 113574 vcs optional 
subversion_1.6.17dfsg-4+deb7u3.diff.gz
 098cff68a9af1f1df20d7beb38a5d5da 2084032 doc extra 
libsvn-doc_1.6.17dfsg-4+deb7u3_all.deb
 7f3b20b4eb96173e28de09374f955b78 225100 vcs extra 
subversion-tools_1.6.17dfsg-4+deb7u3_all.deb
 2141a28a1a107c2bb5f5d8c3be5e71af 764 ruby optional 
libsvn-ruby_1.6.17dfsg-4+deb7u3_all.deb
 7a664ee8c25ed82ddfdb832162f6cb47 1320680 vcs optional 
subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 f456cb6cce4904cd31954836304b8330 935602 vcs optional 
libsvn1_1.6.17dfsg-4+deb7u3_amd64.deb
 96f6624c5bbf8be9d8492a8f866e566d 1423756 libdevel extra 
libsvn-dev_1.6.17dfsg-4+deb7u3_amd64.deb
 c4b58ccded6b526716d9f36c549fc09e 172954 httpd optional 
libapache2-svn_1.6.17dfsg-4+deb7u3_amd64.deb
 01add55473f7910e8e21c35ff96c9ed7 1339950 python optional 
python-subversion_1.6.17dfsg-4+deb7u3_amd64.deb
 8108251f1a1234a5f8a78da977755496 306454 java optional 
libsvn-java_1.6.17dfsg-4+deb7u3_amd64.deb
 a517619f9d04bd65e0991240aa609414 1082472 perl optional 
libsvn-perl_1.6.17dfsg-4+deb7u3_amd64.deb
 34e63f4905572264a26b4f623f7535c6 629674 ruby optional 
libsvn-ruby1.8_1.6.17dfsg-4+deb7u3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRsXdwAAoJEHidbwV/2GP+JYcP/3sG9XWBuUUSVrZLylTOVzvR
v9DxXsZjc1u1WX3yJBk8y5XujaamMF+lygpqtOY6D9diUxkpxqzAmArqM2hnnD8U
nfUBTIo5c7kVRVTPfi3Qb/kezq/dUu+J3c/3q8MkhdslOT7TEf/7tjVm/tuKMeIR
g79Q88SUqqhjKHSoOJV52b0WHFnUEkr+4+jVEC/ebBaNjXu6pZKZi6plNNr+/6dz
ZdFmxAEurqG4lFnzRXhQTRLhEJy520VfoQBSAgBQKT3BFwcx4sFRogaBxdFTG+fB
IqLrlYnJL6KKG7xs8/uQpHfMkHBV8dHciR+c435O+G3NF6kVnYNwkXhqxjNvg4eZ
V38zWaPddFcSDvZccSgSP90sbM6eJxMuLaMnSgTlAryIhkYMoHcuWGOQYkAj0sGF
undT0xBVRZCMh61j+E4xk1mSn0vYkMrwSYSPjsmVjuI8LTbLdAozDlcnBwpqCrWp
CNyuVEk+WURK96gwAoP2/k4FLYCdqh9v8Arysk22OuJC0UmHnt1U0mXg8hDY6ZoC
tS5naecFHr6LF7lu6jhGIZ7HhsJT88cMYgRWRrcWvo2V0i8bxywfbvHZ0C1K5qSR
0JurMoPXinZgV4JDX6Q/S3Qjpw6/8iNbteZ5nRLiCsCIRxtv6lsLo9ja63E6d0ir
mkXv67KXHGhjrJgwjYH5
=Sfsw
-----END PGP SIGNATURE-----

--- End Message ---