Checkout Tools
  • last updated 2 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Add recent CVEs to the list, and add my signature on their advisories.
Disclose CVE-2018-11782 and CVE-2019-0203.
  1. … 2 more files in changeset.
Add CVE-2018-11803 notices to the website.

* index.html, news.html

- Add security announcement.

- Include CVE link in 1.11.1 and 1.10.4 release announcements.

- Ensure anchor ids are unique.

* security/CVE-2018-11803-advisory.txt New file.

* security/CVE-2018-11803-advisory.txt.asc New file.

* security/index.html

Add links to CVE-2018-11803 advisory and signature.

  1. … 2 more files in changeset.
* site/publish: Merge from staging.
  1. … 41 more files in changeset.
* security/sha1-advisory.txt: Set svn:mime-type to render Øyvind's name correctly.

* site/publish/security/CVE-2017-9800/advisory.txt,

site/publish/security/CVE-2017-9800/advisory.txt.asc:

Update the CVE-2017-9800 advisory.

Fill in the Details section to explain how the attack actually works.

Provide an example config setting which disables svn+ssh URLs and

prevents the attack.

Explain why the -- workaround cannot work with PuTTY.

Move the discussion of "custom tunnels" further down to draw less

attention to it. Most people don't use costom tunnels, and prominent

mention of them will confuse users who are unfamiliar with the svn+ssh

and tunnel mechanisms in the first place.

* security/CVE-2017-9800-advisory.txt: Link to the example hook.
Release Subversion 1.9.7 with a fix for CVE-2017-9800.
  1. … 5 more files in changeset.
* security/index.html

(sha1-advisory.txt): Clarify affected versions.

* security/index.html: Put versions in the right order in SHA1 entry.

Suggested by: danielsh

* security/index.html: Add missing </tr> (thanks danielsh). Note that

versions affected by SHA1 collisions.

* security/index.html: Add missing <tr>.

* security/index.html: Link to SHA1 advisory.

Publish our SHA1 advisory under security/sha1-advisory.txt

* site/publish/security/index.html: Simplify the long "Affected Version(s)"

column for CVE-2013-2088. This should make the table easier to read.

Update the site for 1.8.17 and 1.9.5 releases.

* site/publish/doap.rdf: Update versions.

* site/publish/docs/release-notes/release-history.html: Add Subversion 1.8.17

and 1.9.5 entries.

* site/publish/download.html: Adjust both the recommended and supported

versions and file checksums.

* site/publish/news.html: Add news items about Subversion 1.8.17 and 1.9.5.

* site/publish/index.html: Add news items about Subversion 1.8.17 and 1.9.5.

Remove two oldest items from this page.

* site/publish/security/CVE-2016-8734-advisory.txt: New file.

Set svn:eol-style to "LF" (we provide a detached signature for this file,

which would become invalid with EOL translation).

* site/publish/security/CVE-2016-8734-advisory.txt.asc: New file.

* site/publish/security/index.html: Append CVE-2016-8734 entry.

  1. … 5 more files in changeset.
Update the site for 1.8.16 and 1.9.4 releases, including the security

advisories fixed by those releases.

* site/publish/doap.rdf: Update the versions.

* site/publish/docs/release-notes/release-history.html: Add Subversion 1.8.16

and 1.9.4 entries.

* site/publish/download.html: Adjust both the recommended and supported

versions and the file checksums.

* site/publish/news.html: Add news items about Subversion 1.8.16 and 1.9.4.

* site/publish/index.html: Add news items about Subversion 1.8.16 and 1.9.4.

Remove two oldest items from this page.

* site/publish/security/CVE-2016-2167-advisory.txt,

site/publish/security/CVE-2016-2168-advisory.txt: Add new files.

* site/publish/security/index.html: Append CVE-2016-2167 and CVE-2016-2168

entries.

  1. … 5 more files in changeset.
Update the site for 1.8.15 and 1.9.3 releases, including the security

advisories fixed by those releases.

* site/publish/doap.rdf: Update the versions.

* site/publish/docs/release-notes/release-history.html: Add Subversion 1.8.15

and 1.9.3 entries.

* site/publish/docs/release-notes/1.9.html

(no-op-changes): Adjust the state of this issue.

* site/publish/download.html: Adjust both the recommended and supported

versions and the file checksums.

* site/publish/news.html: Add news items about Subversion 1.8.15 and 1.9.3.

* site/publish/index.html: Add news items about Subversion 1.8.15 and 1.9.3.

Remove two oldest items from this page.

* site/publish/security/CVE-2015-5259-advisory.txt,

site/publish/security/CVE-2015-5343-advisory.txt: Add new files.

* site/publish/security/index.html: Append CVE-2015-5259 and CVE-2015-5343

entries.

  1. … 6 more files in changeset.
Publish CVE-2015-3184 and CVE-2015-3187 advisories.

Update website for 1.8.13 and 1.7.20 releases.

  1. … 6 more files in changeset.
Update website for 1.7.19 and 1.8.11 releases.

  1. … 5 more files in changeset.
Update website for 1.7.18 and 1.8.10 releases.

  1. … 5 more files in changeset.
Update site for 1.8.8 release and publish the advisory for CVE-2014-0032.

  1. … 5 more files in changeset.
Fix a typo in CVE-2013-4558 advisory.

Patch by: danielsh

Update site for 1.7.14 and 1.8.5 releases (including CVE advisory publication)

  1. … 5 more files in changeset.
Add advisories for CVE-2013-4246, 4262, 4277.

Update site for 1.7.11 and 1.8.1

  1. … 5 more files in changeset.
Add reported entry for CVE-2013-2088 advisory.

* publish/security/CVE-2013-2088-advisory.txt: Fix typo.

Add security advisories for 1.6.23 and 1.7.10