Hyrum Wright wrote on Wed, Jun 01, 2011 at 20:06:43 +0000: > I'm happy to announce Subversion 1.6.17, available from: > > http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2 > http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz > http://subversion.tigris.org/downloads/subversion-1.6.17.zip > http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2 > http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz > http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip >
Be advised: the 1.6.17 tag [1] in our repository does not match the tarballs at the time of this writing. Until we fix this, please use the tarballs or zip archives, and avoid installing 1.6.17 from the tag. Daniel [1] https://svn.apache.org/repos/asf/subversion/tags/1.6.17 > This release addesses three security issues: > CVE-2011-1752: Server NULL-pointer dereference > CVE-2011-1783: Server memory exhaustion > CVE-2011-1921: mod_dav_svn exposure of unreadable paths > > More information on these vulnerabilities, including the relevent advisories > and potential attack vectors and workarounds, can be found on the Subversion > security website: > http://subversion.apache.org/security/ > > The MD5 checksums are: > > 81e5dc5beee4b3fc025ac70c0b6caa14 subversion-1.6.17.tar.bz2 > aa0f54aacac21bf5c84079e551357c15 subversion-1.6.17.tar.gz > a3a4dedd9ec782d3da4465694ce012d4 subversion-1.6.17.zip > 1f01f237498555091269f2432ae1e140 subversion-deps-1.6.17.tar.bz2 > 1d99a1b4d56b5922ed1644a22c42c9e4 subversion-deps-1.6.17.tar.gz > 7ec846c284e3d6e1689dfcbca06958ab subversion-deps-1.6.17.zip > > The SHA1 checksums are: > > 6e3ed7c87d98fdf5f0a999050ab601dcec6155a1 subversion-1.6.17.tar.bz2 > 2ddf55622f0a742d8474feaa69596b2f7c4f1084 subversion-1.6.17.tar.gz > ec9c3980150242129783529e7db6f5a04936d49a subversion-1.6.17.zip > ebfda3416c09a91dbcf744a22ea83ed827ad3495 subversion-deps-1.6.17.tar.bz2 > 878fb197243435bfe44d45abff8875d4d98cd196 subversion-deps-1.6.17.tar.gz > a14f6abc14d38c2ce0e637edf83bce4534e19717 subversion-deps-1.6.17.zip > > PGP Signatures are available at: > > http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2.asc > http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz.asc > http://subversion.tigris.org/downloads/subversion-1.6.17.zip.asc > http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2.asc > http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz.asc > http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip.asc > > For this release, the following people have provided PGP signatures: > > Senthil Kumaran S [1024D/6CCD4038] with fingerprint: > 8035 16A5 1D6E 50E2 1ECD DE56 F68D 46FB 6CCD 4038 > Philip Martin [2048R/ED1A599C] with fingerprint: > A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C > Paul T. Burba [1024D/53FCDC55] with fingerprint: > E630 CF54 792C F913 B13C 32C5 D916 8930 53FC DC55 > Bert Huijben [1024D/9821F7B2] with fingerprint: > 2017 F51A 2572 0E78 8827 5329 FCFD 6305 9821 F7B2 > Hyrum K. Wright [1024D/4E24517C] with fingerprint: > 3324 80DA 0F8C A37D AEE6 D084 0B03 AE6E 4E24 517C > C. Michael Pilato [1024D/1706FD6E] with fingerprint: > 20BF 14DC F02F 2730 7EA4 C7BB A241 06A9 1706 FD6E > Stefan Sperling [1024D/F59D25F0] with fingerprint: > B1CF 1060 A1E9 34D1 9E86 D6D6 E5D3 0273 F59D 25F0 > Mark Phippard [1024D/035A96A9] with fingerprint: > D315 89DB E1C1 E9BA D218 39FD 265D F8A0 035A 96A9 > > Release notes for the 1.6.x release series may be found at: > > http://subversion.apache.org/docs/release-notes/1.6.html > > You can find the list of changes between 1.6.17 and earlier versions at: > > http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES > > Questions, comments, and bug reports to users@subversion.apache.org. > > Thanks, > - The Subversion Team
