[CVE-2018-11803] Apache Subversion Denial of Service Vulnerability

2019-01-22 Thread Troy Curtis

This is a security notification for Apache Subversion HTTP Servers:

CVE-2018-11803
Severity: Medium
Affected Versions: Apache Subversion 1.11.0, 1.10.0 to 1.10.3

Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 
to 1.10.3 will crash after dereferencing an uninitialized pointer if the 
client omits the root path in a recursive directory listing operation. 
This issue can be triggered by any client on Subversion repositories 
configured for anonymous read access. If read access requires 
authentication, a denial of service attack can only be performed by an 
authenticated user.


The Subversion releases 1.10.4 and 1.11.1 contain the fixes for this 
vulnerability and are available immediately at:


https://dist.apache.org/repos/dist/release/subversion/?p=32084

Additional details, including patches for 1.10.3 and 1.11.0, can be found at:

https://subversion.apache.org/security/CVE-2018-11803-advisory.txt

We encourage users of Subversion to upgrade to the latest appropriate 
version as soon as reasonable.


Thanks,
- The Subversion Team
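
A triage helper for the version ranges stated in the notice above, added here as an example and not part of the original post or of the Subversion project's code. The function names, inventory format and host names are constructed, and it assumes the version string collected from each server host matches the installed mod_dav_svn build.

```shell
#!/bin/sh
# Ranges from the CVE-2018-11803 notice:
#   affected: 1.11.0 and 1.10.0 to 1.10.3; fixed in 1.10.4 and 1.11.1.
# Release lines the notice does not mention are reported as "not-listed".

cve_2018_11803_status() {
    # Keep only the leading X.Y.Z, dropping suffixes such as " (r...)".
    core=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$core" ]; then
        echo "unparseable"
        return 2
    fi
    major=${core%%.*}; rest=${core#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    case "$major.$minor" in
        1.10) if [ "$patch" -le 3 ]; then echo "affected:1.10.4"; else echo "fixed"; fi ;;
        1.11) if [ "$patch" -eq 0 ]; then echo "affected:1.11.1"; else echo "fixed"; fi ;;
        *)    echo "not-listed" ;;
    esac
}

# Constructed sample inventory, one "<host> <version string>" per line.
SAMPLE_INVENTORY='svn-a.example 1.10.3
svn-b.example 1.11.1
svn-c.example 1.9.7
svn-d.example 1.11.0 (r0000000)
svn-e.example unknown'

# Print "<host> <release to upgrade to>" for every affected entry.
affected_hosts() {
    printf '%s\n' "$1" | while read -r host ver; do
        [ -n "$host" ] || continue
        st=$(cve_2018_11803_status "$ver") || true
        case $st in
            affected:*) echo "$host ${st#affected:}" ;;
        esac
    done
}

affected_hosts "$SAMPLE_INVENTORY"
```

On a server host, `cve_2018_11803_status "$(svn --version --quiet)"` classifies the locally installed release.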


wc-queries-test test failure with -DSQLITE_ENABLE_STMT_SCANSTATUS

2019-01-22 Thread Thomas Deutschmann
Hi,

in Gentoo Linux, wc-queries-test test is failing (verified
against v1.9.7-1.11.1):

> START: wc-queries-test
> DBG: Using Sqlite 3.25.3
> PASS:  wc-queries-test 1: sqlite up-to-date
> PASS:  wc-queries-test 2: queries are parsable
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'MERGE' in explanation
> DBG: Unhandled sqlite operation 'LEFT' in explanation
> DBG: Unhandled sqlite operation 'RIGHT' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Expected 'SUBQUERIES', got 'QUERY' in 'COMPOUND QUERY'
> DBG: Unhandled sqlite operation 'LEFT-MOST' in explanation
> DBG: Unhandled sqlite operation 'UNION' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Expected 'SUBQUERIES', got 'QUERY' in 'COMPOUND QUERY'
> DBG: Unhandled sqlite operation 'LEFT-MOST' in explanation
> DBG: Unhandled sqlite operation 'UNION' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Expected 'SUBQUERIES', got 'QUERY' in 'COMPOUND QUERY'
> DBG: Unhandled sqlite operation 'LEFT-MOST' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'UNION' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'MULTI-INDEX' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'MERGE' in explanation
> DBG: Unhandled sqlite operation 'LEFT' in explanation
> DBG: Unhandled sqlite operation 'RIGHT' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'MERGE' in explanation
> DBG: Unhandled sqlite operation 'LEFT' in explanation
> DBG: Unhandled sqlite operation 'RIGHT' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'SCALAR' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'CORRELATED' in explanation
> DBG: Unhandled sqlite operation 'S

Re: Subversion 1.10.4

2019-01-22 Thread Branko Čibej
On 22.01.2019 14:29, Joachim Poppe wrote:
> Hi,
>
> there is no valid release date within CHANGES file of this version:
>
> Version 1.10.4
> (?? ??? 2019, from /branches/1.10.x)
> http://svn.apache.org/repos/asf/subversion/tags/1.10.4
>
> ...
>
> Is this LTS version released or not?

Yes, it is. The missing date is an oversight.

-- Brane



Subversion 1.10.4

2019-01-22 Thread Joachim Poppe
Hi,

there is no valid release date within CHANGES file of this version:

Version 1.10.4
(?? ??? 2019, from /branches/1.10.x)
http://svn.apache.org/repos/asf/subversion/tags/1.10.4

...

Is this LTS version released or not?

Kind regards
Joachim

___

Dipl.-Ing. Joachim Poppe

PHOENIX CONTACT Electronics GmbH
Business Unit Control Systems
Research & Development

Dringenauer Strasse 30
D-31812 Bad Pyrmont

Phone:  +49 5281 / 946 - 1642
Fax:+49 5281 / 946 - 1214
mailto:jpo...@phoenixcontact.com
http://www.phoenixcontact.com

