Subversion 1.6.17 Released

Wed, 01 Jun 2011 13:07:20 -0700 

I'm happy to announce Subversion 1.6.17, available from:

    http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2
    http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz
    http://subversion.tigris.org/downloads/subversion-1.6.17.zip
    http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2
    http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz
    http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip

This release addesses three security issues:
    CVE-2011-1752: Server NULL-pointer dereference
    CVE-2011-1783: Server memory exhaustion
    CVE-2011-1921: mod_dav_svn exposure of unreadable paths

More information on these vulnerabilities, including the relevent advisories
and potential attack vectors and workarounds, can be found on the Subversion
security website:
    http://subversion.apache.org/security/

The MD5 checksums are:

    81e5dc5beee4b3fc025ac70c0b6caa14  subversion-1.6.17.tar.bz2
    aa0f54aacac21bf5c84079e551357c15  subversion-1.6.17.tar.gz
    a3a4dedd9ec782d3da4465694ce012d4  subversion-1.6.17.zip
    1f01f237498555091269f2432ae1e140  subversion-deps-1.6.17.tar.bz2
    1d99a1b4d56b5922ed1644a22c42c9e4  subversion-deps-1.6.17.tar.gz
    7ec846c284e3d6e1689dfcbca06958ab  subversion-deps-1.6.17.zip

The SHA1 checksums are:

    6e3ed7c87d98fdf5f0a999050ab601dcec6155a1  subversion-1.6.17.tar.bz2
    2ddf55622f0a742d8474feaa69596b2f7c4f1084  subversion-1.6.17.tar.gz
    ec9c3980150242129783529e7db6f5a04936d49a  subversion-1.6.17.zip
    ebfda3416c09a91dbcf744a22ea83ed827ad3495  subversion-deps-1.6.17.tar.bz2
    878fb197243435bfe44d45abff8875d4d98cd196  subversion-deps-1.6.17.tar.gz
    a14f6abc14d38c2ce0e637edf83bce4534e19717  subversion-deps-1.6.17.zip

PGP Signatures are available at:

    http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2.asc
    http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz.asc
    http://subversion.tigris.org/downloads/subversion-1.6.17.zip.asc
    http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2.asc
    http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz.asc
    http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip.asc

For this release, the following people have provided PGP signatures:

   Senthil Kumaran S [1024D/6CCD4038] with fingerprint:
    8035 16A5 1D6E 50E2 1ECD  DE56 F68D 46FB 6CCD 4038
   Philip Martin [2048R/ED1A599C] with fingerprint:
    A844 790F B574 3606 EE95  9207 76D7 88E1 ED1A 599C
   Paul T. Burba [1024D/53FCDC55] with fingerprint:
    E630 CF54 792C F913 B13C  32C5 D916 8930 53FC DC55
   Bert Huijben [1024D/9821F7B2] with fingerprint:
    2017 F51A 2572 0E78 8827  5329 FCFD 6305 9821 F7B2
   Hyrum K. Wright [1024D/4E24517C] with fingerprint:
    3324 80DA 0F8C A37D AEE6  D084 0B03 AE6E 4E24 517C
   C. Michael Pilato [1024D/1706FD6E] with fingerprint:
    20BF 14DC F02F 2730 7EA4  C7BB A241 06A9 1706 FD6E
   Stefan Sperling [1024D/F59D25F0] with fingerprint:
    B1CF 1060 A1E9 34D1 9E86  D6D6 E5D3 0273 F59D 25F0
   Mark Phippard [1024D/035A96A9] with fingerprint:
    D315 89DB E1C1 E9BA D218  39FD 265D F8A0 035A 96A9

Release notes for the 1.6.x release series may be found at:

    http://subversion.apache.org/docs/release-notes/1.6.html

You can find the list of changes between 1.6.17 and earlier versions at:

    http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES

Questions, comments, and bug reports to [email protected].

Thanks,
- The Subversion Team

Reply via email to