subversion-1.6.11-15.AXS4

Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.

With this release, following issues is fixed:

* CVE-2015-0248:
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0
through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to
cause a denial of service (assertion failure and abort) via crafted
parameter combinations related to dynamically evaluated revision
numbers.

* CVE-2015-0251:
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0
through 1.8.11 allows remote authenticated users to spoof the
svn:author property via a crafted v1 HTTP protocol request sequences.

* CVE-2015-3187:
The svn_repos_trace_node_locations function in Apache Subversion
before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization
is used, allows remote authenticated users to obtain sensitive path
information by reading the history of a node that has been moved from
a hidden path.

These updated packages, which contain backported patches to correct these issues,
are strongly recommended to be installed by all subversion users.

After installing the updated packages successfully, for the update to take effect, you must restart the httpd daemon,
if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.