Comment 1 Lars Wendler (Polynomial-C) (RETIRED) 2019-01-23 10:50:32 UTC

(In reply to Hanno Boeck from comment #0)
> See
> https://subversion.apache.org/security/CVE-2018-11803-advisory.txt
> 
> Fixed in 1.10.4 and 1.11.1. We already have 1.11.1 in the tree, should it be
> stabilized?

No, I gonna add 1.10.4 to the tree today and replace stabilization of 1.10.3 with 1.10.4

Comment 2 Larry the Git Cow 2019-01-23 12:05:40 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=625515698353fe286516385c7d6c26ae8d3bc0b3

commit 625515698353fe286516385c7d6c26ae8d3bc0b3
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-01-23 11:58:36 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-01-23 12:05:33 +0000

    v-vcs/subversion: Security bump to version 1.10.4
    
    Bug: https://bugs.gentoo.org/676094
    Package-Manager: Portage-2.3.58, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 dev-vcs/subversion/Manifest                 |   1 +
 dev-vcs/subversion/subversion-1.10.4.ebuild | 527 ++++++++++++++++++++++++++++
 2 files changed, 528 insertions(+)

Comment 3 Rolf Eike Beer 2019-01-27 11:24:46 UTC

sparc stable

Comment 4 Mikle Kolyada (RETIRED) 2019-01-27 19:44:30 UTC

amd64 stable

Comment 5 Larry the Git Cow 2019-01-31 18:04:29 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=053c4ec2d6ea59e671294b3d346122ca52ed66dc

commit 053c4ec2d6ea59e671294b3d346122ca52ed66dc
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-31 18:04:03 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-31 18:04:03 +0000

    dev-vcs/subversion-1.10.4-r0: alpha stable
    
    Bug: http://bugs.gentoo.org/676094
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-vcs/subversion/subversion-1.10.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6d98b580279056624c3f358e4a1f4786b4b71d0

commit a6d98b580279056624c3f358e4a1f4786b4b71d0
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-31 18:04:03 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-31 18:04:03 +0000

    dev-util/netsurf-buildsystem-1.7-r0: alpha stable
    
    Bug: http://bugs.gentoo.org/676094
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-util/netsurf-buildsystem/netsurf-buildsystem-1.7.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92a9935e1f08d2324ba25db0ed1fa808bb407f18

commit 92a9935e1f08d2324ba25db0ed1fa808bb407f18
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-31 18:04:03 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-31 18:04:03 +0000

    dev-libs/libutf8proc-2.2.0_p1-r1: alpha stable
    
    Bug: http://bugs.gentoo.org/676094
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-libs/libutf8proc/libutf8proc-2.2.0_p1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 6 Markus Meier 2019-01-31 20:20:46 UTC

arm stable

Comment 7 Thomas Deutschmann (RETIRED) 2019-02-15 18:21:59 UTC

x86 stable

Comment 8 Matt Turner 2019-03-17 21:37:08 UTC

ppc/ppc64 stable

Comment 9 Rolf Eike Beer 2019-03-20 19:47:47 UTC

hppa stable

Comment 10 Matt Turner 2019-03-21 22:34:10 UTC

ia64 stable

Comment 11 Matt Turner 2019-03-21 22:34:29 UTC

Oops. security@... reopening.

Comment 12 Yury German 2019-03-22 00:07:05 UTC

Summary:
========

  Malicious SVN clients can trigger a crash in mod_dav_svn by omitting
  the root path from a recursive directory listing request.

Known vulnerable:
=================

 Subversion 1.10.0 up to, and including, 1.10.3.
 Subversion 1.11.0.

Known fixed:
============

  Subversion 1.10.4.
  Subversion 1.11.1.

Details:
========

  Subversion 1.10.0 introduced server-side support for recursive directory
  listing operations. The implementation in mod_dav_svn failed to validate
  the root path of the directory listing provided by the client. If the
  client omits the root path, mod_dav_svn will deference an uninitialized
  pointer variable and crash the HTTPD worker process handling the request.

Comment 13 GLSAMaker/CVETool Bot 2019-04-02 04:36:53 UTC

This issue was resolved and addressed in
 GLSA 201904-08 at https://security.gentoo.org/glsa/201904-08
by GLSA coordinator Aaron Bauman (b-man).

Comment 14 Aaron Bauman (RETIRED) 2019-04-02 04:37:31 UTC

re-opened for cleanup

Comment 15 Larry the Git Cow 2019-04-15 06:48:25 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64ca050d5c3447f07d0e146a6f52f45c0c532b11

commit 64ca050d5c3447f07d0e146a6f52f45c0c532b11
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-04-15 06:48:10 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-04-15 06:48:10 +0000

    dev-vcs/subversion: Security cleanup
    
    Bug: https://bugs.gentoo.org/676094
    Closes: https://bugs.gentoo.org/674984
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 dev-vcs/subversion/Manifest                        |   2 -
 .../subversion/files/subversion-1.9.7-kf5.patch    | 211 --------
 dev-vcs/subversion/subversion-1.9.7-r1.ebuild      | 531 ---------------------
 3 files changed, 744 deletions(-)