August 10, 2009, 2:16 pm
Resolved Bugs
506781 – Subversion not compiled with support for gnome-keyring or kwallet
506048 – trac does not work with subversion due to sqlite configuration problem – SubversionException: ‘Could not configure SQLite’
514744 – CVE-2009-2411 subversion: integer overflow
This update includes the latest stable release of Subversion, fixing many bugs and a security issue: Matt Lewis reported multiple heap overflow flaws in Subversion (servers and clients) when parsing binary deltas. Malicious users with commit access to a vulnerable server could uses these flaws to cause a heap overflow on the server running Subversion. A malicious Subversion server could use these flaws to cause a heap overflow on vulnerable clients when they attempt to checkout or update, resulting in a crash or, possibly, arbitrary code execution on the vulnerable client. (CVE-2009-2411) This update also adds support for storing passwords in the GNOME Keyring or KDE Wallet, via the new subversion-gnome and subversion-kde subpackages. For more details of the bug fixes included in this update, see: http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES…