I'm happy to announce the release of Apache Subversion 1.8.15.
Please choose the mirror closest to you by visiting:
http://subversion.apache.org/download/#supported-releases
This release fixes one security issue:
CVE-2015-5343:
Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn
caused by integer overflow when parsing skel-encoded request bodies.
http://subversion.apache.org/security/CVE-2015-5343-advisory.txt
The SHA1 checksums are:
680acf88f0db978fbbeac89ed63776d805b918ef subversion-1.8.15.tar.bz2
2f3349d86149a8fcaa73904e57f7ecab0d071a74 subversion-1.8.15.tar.gz
1f95224bba59ff07307156c9531e0e988daddcce subversion-1.8.15.zip
PGP Signatures are available at:
http://www.apache.org/dist/subversion/subversion-1.8.15.tar.bz2.asc
http://www.apache.org/dist/subversion/subversion-1.8.15.tar.gz.asc
http://www.apache.org/dist/subversion/subversion-1.8.15.zip.asc
For this release, the following people have provided PGP signatures:
Bert Huijben [4096R/CCC8E1DF] with fingerprint:
3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF
Evgeny Kotkov [4096R/09F9FA74] with fingerprint:
E7B2 A7F4 EC28 BE9F F8B3 8BA4 B64F FF12 09F9 FA74
Ivan Zhakov [4096R/F6AD8147] with fingerprint:
4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147
Johan Corveleyn [4096R/010C8AAD] with fingerprint:
8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD
Julian Foad [4096R/4EECC493] with fingerprint:
6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493
Philip Martin [2048R/ED1A599C] with fingerprint:
A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
Stefan Fuhrmann [4096R/57921ACC] with fingerprint:
056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC
Release notes for the 1.8.x release series may be found at:
http://subversion.apache.org/docs/release-notes/1.8.html
You can find the list of changes between 1.8.15 and earlier versions at:
http://svn.apache.org/repos/asf/subversion/tags/1.8.15/CHANGES
Questions, comments, and bug reports to users@subversion.apache.org.
Thanks,
- The Subversion Team
