Bug#711033: marked as done (CVE-2013-2112 CVE-2013-1968)

[Debian Bug Tracking System]

Your message dated Sun, 16 Jun 2013 19:47:26 +0000
with message-id <e1uoiv8-00077s...@franck.debian.org>
and subject line Bug#711033: fixed in subversion 1.6.12dfsg-7
has caused the Debian Bug report #711033,
regarding CVE-2013-2112 CVE-2013-1968
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
711033: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711033
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: subversion
Severity: grave
Tags: security
Justification: user security hole

Please see
http://subversion.apache.org/security/CVE-2013-2112-advisory.txt

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: subversion
Source-Version: 1.6.12dfsg-7

We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated subversion 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 06 Jun 2013 09:06:48 +0200
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn 
python-subversion subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 
libsvn-ruby
Architecture: source all amd64
Version: 1.6.12dfsg-7
Distribution: squeeze-security
Urgency: high
Maintainer: Salvatore Bonaccorso <car...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 libapache2-svn - Subversion server modules for Apache
 libsvn-dev - Development files for Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Subversion
 libsvn-perl - Perl bindings for Subversion
 libsvn-ruby - Ruby bindings for Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Subversion
 libsvn1    - Shared libraries used by Subversion
 python-subversion - Python bindings for Subversion
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Subversion
Closes: 711033
Changes: 
 subversion (1.6.12dfsg-7) squeeze-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-1968.patch patch.
     CVE-2013-1968: Subversion FSFS repositories can be corrupted by newline
     characters in filenames. (Closes: #711033)
   * Add CVE-2013-2112.patch patch.
     CVE-2013-2112: Fix remotely triggerable DoS vulnerability. (Closes: 
#711033)
Checksums-Sha1: 
 af4993dbe498d9e3a124df6ab1bd42fd0b8f864e 2591 subversion_1.6.12dfsg-7.dsc
 460b0ef3f07b8af7e0f05d5ff52bf4373e1ad030 108990 subversion_1.6.12dfsg-7.diff.gz
 58d5d644a6a04a57e4daf1533dfb9ce07ba1bbf5 1962894 
libsvn-doc_1.6.12dfsg-7_all.deb
 21a489d3dad020c1cfc64a22109703ef938d7951 221162 
subversion-tools_1.6.12dfsg-7_all.deb
 c9ef86d9f283d28f2f3bdbe0c1e226948935f43d 760 libsvn-ruby_1.6.12dfsg-7_all.deb
 4aba7f05c234167c932aad69a9fb16b90e038390 1312924 
subversion_1.6.12dfsg-7_amd64.deb
 a799fa498c5d167db565f9a134dcf7e23f7be61b 982180 libsvn1_1.6.12dfsg-7_amd64.deb
 f1e21f8a3c489dca04bc885808421a17feaa7e7b 1356302 
libsvn-dev_1.6.12dfsg-7_amd64.deb
 22cda51835948e973ea914f6280fc2e32bcd3ec7 167100 
libapache2-svn_1.6.12dfsg-7_amd64.deb
 fb8cc681fd02996d075daa49120d7de19126e34a 1323900 
python-subversion_1.6.12dfsg-7_amd64.deb
 bf3be9c17cf5b83f0794d5e8e0775d5fd042be20 305190 
libsvn-java_1.6.12dfsg-7_amd64.deb
 d211b72293fff4c3afe8e742681cf8e2a61ebfe5 1177650 
libsvn-perl_1.6.12dfsg-7_amd64.deb
 754d6c00bd23df2f64ff70b95e05f309a13a0cf1 610346 
libsvn-ruby1.8_1.6.12dfsg-7_amd64.deb
Checksums-Sha256: 
 ae992f7ffc1ed74e50cc5966446619be6b31d1288e04e0fbacf742dde8454505 2591 
subversion_1.6.12dfsg-7.dsc
 fa83da301d6dcea99ab6975478771744dcd7f016242127a345cd463cbaf09a73 108990 
subversion_1.6.12dfsg-7.diff.gz
 f3c632f446bcfa653d1c6d6a09f9eb085dfadc687b68b27537fde2ddb316416c 1962894 
libsvn-doc_1.6.12dfsg-7_all.deb
 f7d0d500698e83e786ff54c6b9b0d26ec382975ae2879d31a22eff006496d294 221162 
subversion-tools_1.6.12dfsg-7_all.deb
 2e0dbb50e562128f9cdc414ed0f4fe3cb9b4ca803db9d81953d4afe0bb804ac1 760 
libsvn-ruby_1.6.12dfsg-7_all.deb
 0700a1cfd83e16cfe41cc3050ae7f166b3d9bf5714e96856f64ec4f52d7521c6 1312924 
subversion_1.6.12dfsg-7_amd64.deb
 b9b9fba51a165e18cef3934bf6a6fa222d3a2737b124ff2af2eea21b3feed893 982180 
libsvn1_1.6.12dfsg-7_amd64.deb
 d03b9854dc142bc076297817bca6325061bd4863fa04c1f8b629eccc5c1d6200 1356302 
libsvn-dev_1.6.12dfsg-7_amd64.deb
 acf47d65dcb7a753cda24ebf9f2a1e9b5f583ae6bf944c2b8782f0a2f2c7ce4b 167100 
libapache2-svn_1.6.12dfsg-7_amd64.deb
 95c6f89542dcdb6cc2271d23a69b1450ded97c5c666359ce01f7824812f3343a 1323900 
python-subversion_1.6.12dfsg-7_amd64.deb
 bf62ddd5a20c96d43c36711554b6ff28393b2162e23160120566fb137b47d006 305190 
libsvn-java_1.6.12dfsg-7_amd64.deb
 665a2eff7d0f70eb698c081734c5fa0859d6c49fffdb0f7f3b3f49ff92d58a0f 1177650 
libsvn-perl_1.6.12dfsg-7_amd64.deb
 c0931757b43352c1b2a5aacc5a0be6784dd1c39924f5563206db9d501a37f5cb 610346 
libsvn-ruby1.8_1.6.12dfsg-7_amd64.deb
Files: 
 57b981e048e576d19e56b5d13e5fad7c 2591 vcs optional subversion_1.6.12dfsg-7.dsc
 620ae7136d96070ab0efd06a073f7ac8 108990 vcs optional 
subversion_1.6.12dfsg-7.diff.gz
 d252c37d1ac6c6e6677133a12d4244c1 1962894 doc extra 
libsvn-doc_1.6.12dfsg-7_all.deb
 e6355c9a24fb537e10c9ee5b46d59942 221162 vcs extra 
subversion-tools_1.6.12dfsg-7_all.deb
 7809d1681046190627fbfe04980c96bb 760 ruby optional 
libsvn-ruby_1.6.12dfsg-7_all.deb
 003b755d40b58cb0dd446b00c6717e15 1312924 vcs optional 
subversion_1.6.12dfsg-7_amd64.deb
 f0f42ebdef1d53246d28e5709b4b5443 982180 vcs optional 
libsvn1_1.6.12dfsg-7_amd64.deb
 dc316b9495637159cea1a04396680bb7 1356302 vcs extra 
libsvn-dev_1.6.12dfsg-7_amd64.deb
 29829baf8b1d9855a04434b1f83b0f76 167100 httpd optional 
libapache2-svn_1.6.12dfsg-7_amd64.deb
 461ed1749213628c2df782f9e6d3a5e7 1323900 python optional 
python-subversion_1.6.12dfsg-7_amd64.deb
 845b48ee65a0703992a2d1ce6773e3fd 305190 java optional 
libsvn-java_1.6.12dfsg-7_amd64.deb
 90d0a00aec83ffd9775791a146184b6d 1177650 perl optional 
libsvn-perl_1.6.12dfsg-7_amd64.deb
 2a08f3df4633baa367806f872c5d87ac 610346 ruby optional 
libsvn-ruby1.8_1.6.12dfsg-7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRsb5JAAoJEHidbwV/2GP+IkUP/AvVMLIto6hIQiLsNeJQatDU
uVykL8kFl5OpVl+PFzhlWgPzP2LClks0kuw4pZhghudM/8gLknxgbF4hFlukoKR0
GzrV0VAENeFxoeXwnPd2LSBFdFULXOuP9EsNXEUy1EoT/NLuXIemIVQmuNyyRe2R
MmgKcwZ73pujSiFRwOVWCBA7xB0SZTuLtbZOZQrObsBumB9Fvw3jua9lLH6Oricl
IkEhI3diW+3LyIii+VvHb52bA2LuUfv3P4RPA7SrmoaLBhCEAtu5qPFNonlHYSeu
ZyxJuzXgGDSNj7tIrxCpartw2KMz5VUfEXTBYBvGwOcm/N0PSpS5HjyyNZjQ344L
0X1AJUeAVavQI1cd7anvku07NFQC+c8i/3dFtLk3q4+QaQI72EiD9IcDZEGnjZ2T
oxrjtnLcTNUGa/QQI4c8mM29/ZINafcqfSY0f+KW2QjAqjZqA6jUB1zJLPTaERg4
3lPvzxxuiCnM8M7y40lWwnYNyhnaYfq9hxqdwMCqnif45Qbq+x69H0qGleVSPnFC
Gu0lOYBB06OBEpvPUI6A5+yz9kQb3B+lKPfDEvoLGNHcsli38mLUFFiN6DBSDVwp
cpjpsrogZDZuD8Vvd9hj2z/8O+9k6EMRiNPDgjZkTiQ97MMZmFsYlbg1UVBqk8V8
yU1X8zTL1M7ezUrIxzLZ
=NWF+
-----END PGP SIGNATURE-----

--- End Message ---