From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-202933-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 89411 invoked by alias); 30 Apr 2016 23:18:41 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 89340 invoked by uid 89); 30 Apr 2016 23:18:41 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-HELO: localhost.localdomain
Received: from localhost (HELO localhost.localdomain) (127.0.0.1) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sat, 30 Apr 2016 23:18:40 +0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.5 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE,SPF_SOFTFAIL autolearn=no version=3.3.2 spammy=SECURITY, authorization, Book, subversion
Subject: [ANNOUNCEMENT] [SECURITY] Updated: subversion-1.9.4-1
To: cygwin@cygwin.com
From: David Rothenberger <daveroth@acm.org>
Message-Id: <announce.959848ba-10e2-0dc2-f11b-ec3520e8d75d@acm.org>
Date: Sat, 30 Apr 2016 23:19:00 -0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Reply-To: cygwin@cygwin.com
X-SW-Source: 2016-04/txt/msg00667.txt.bz2

SECURITY:
=========
This release fixes two security issues:

    CVE-2016-2167:
    svnserve/sasl may authenticate users using the wrong realm.
    http://subversion.apache.org/security/CVE-2016-2167-advisory.txt

    CVE-2016-2168:
    Remotely triggerable DoS vulnerability in mod_authz_svn during
    COPY/MOVE authorization check.
    http://subversion.apache.org/security/CVE-2016-2168-advisory.txt


NEWS:
=====
Please see the release notes

  http://subversion.apache.org/docs/release-notes/1.9.html

for more details about the changes in Subversion.

See

  http://svn.apache.org/repos/asf/subversion/tags/1.9.4/CHANGES

for more details about the changes in 1.9.4.


DESCRIPTION:
============
Subversion is a version control system designed to be a compelling
successor to CVS.

Please see 

  http://svnbook.red-bean.com/nightly/en/index.html

for the latest official release of the Subversion Book.

QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple