From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-announce-return-7005-listarch-cygwin-announce=sources.redhat.com@cygwin.com>
Received: (qmail 88954 invoked by alias); 30 Apr 2016 23:18:38 -0000
Mailing-List: contact cygwin-announce-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin-announce.cygwin.com>
List-Subscribe: <mailto:cygwin-announce-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin-announce/>
List-Post: <mailto:cygwin-announce@cygwin.com>
List-Help: <mailto:cygwin-announce-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-announce-owner@cygwin.com
Reply-To: The Cygwin Mailing List <cygwin@cygwin.com>
Mail-Followup-To: cygwin-announce@cygwin.com
Received: (qmail 16341 invoked by uid 89); 30 Apr 2016 20:01:28 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.5 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE,SPF_SOFTFAIL autolearn=no version=3.3.2 spammy=SECURITY, authorization, Book, subversion
X-HELO: resqmta-ch2-06v.sys.comcast.net
Subject: [SECURITY] Updated: subversion-1.9.4-1
To: cygwin-announce@cygwin.com
From: David Rothenberger <daveroth@acm.org>
Message-ID: <959848ba-10e2-0dc2-f11b-ec3520e8d75d@acm.org>
Date: Sat, 30 Apr 2016 23:18:00 -0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.0
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-SW-Source: 2016-04/txt/msg00074.txt.bz2

SECURITY:
=========
This release fixes two security issues:

    CVE-2016-2167:
    svnserve/sasl may authenticate users using the wrong realm.
    http://subversion.apache.org/security/CVE-2016-2167-advisory.txt

    CVE-2016-2168:
    Remotely triggerable DoS vulnerability in mod_authz_svn during
    COPY/MOVE authorization check.
    http://subversion.apache.org/security/CVE-2016-2168-advisory.txt


NEWS:
=====
Please see the release notes

  http://subversion.apache.org/docs/release-notes/1.9.html

for more details about the changes in Subversion.

See

  http://svn.apache.org/repos/asf/subversion/tags/1.9.4/CHANGES

for more details about the changes in 1.9.4.


DESCRIPTION:
============
Subversion is a version control system designed to be a compelling
successor to CVS.

Please see 

  http://svnbook.red-bean.com/nightly/en/index.html

for the latest official release of the Subversion Book.

QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.