On 8/30/13 8:34 AM, Ben Reser wrote: > I'm happy to announce the release of Apache Subversion 1.8.3. > > Please note that Subversion 1.8.3 is the next release after Subversion 1.8.1. > The 1.8.2 release was not published publicly, due to issues found > during testing. > > Please choose the mirror closest to you by visiting: > > http://subversion.apache.org/download/#recommended-release > > This release addresses three security issues: > CVE-2013-4246: fsfs: corruption from editing packed revision properties > CVE-2013-4262: admin-side tools: symlink attack against pid file > CVE-2013-4246: svnserve: symlink attack against pid file > > More information on these vulnerabilities, including the relevant > advisories and potential attack vectors and workarounds, can be found > on the Subversion security website: > http://subversion.apache.org/security/
CVE-2013-4246 was inadvertantly used twice in this announcement. The corrent list of security issues follows: CVE-2013-4246: fsfs: corruption from editing packed revision properties CVE-2013-4262: admin-side tools: symlink attack against pid file CVE-2013-4277: svnserve: symlink attack against pid file