[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2fefe468-7d41-11e7-aea1-9312c6089150@apache.org>
Date: Thu, 10 Aug 2017 18:04:26 +0000
From: Daniel Shahaf <danielsh@...che.org>
To: announce@...version.apache.org, users@...version.apache.org,
dev@...version.apache.org, announce@...che.org
Cc: security@...che.org, oss-security@...ts.openwall.com,
bugtraq@...urityfocus.com
Subject: [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released
I'm happy to announce the release of Apache Subversion 1.9.7.
Please choose the mirror closest to you by visiting:
http://subversion.apache.org/download.cgi?update=201708081800#recommended-release
This is a stable security release of the Apache Subversion open source
version control system. It fixes one security issue:
CVE-2017-9800:
Arbitrary code execution on clients through malicious svn+ssh URLs in
svn:externals and svn:sync-from-url
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
The SHA1 checksums are:
874b81749cdc3e88152d103243c3623ac6338388 subversion-1.9.7.tar.bz2
1a5f48acf9d0faa60e8c7aea96a9b29ab1d4dcac subversion-1.9.7.tar.gz
741727b62596bf27f75838c46d1bb6938c83fbd7 subversion-1.9.7.zip
SHA-512 checksums are available at:
https://www.apache.org/dist/subversion/subversion-1.9.7.tar.bz2.sha512
https://www.apache.org/dist/subversion/subversion-1.9.7.tar.gz.sha512
https://www.apache.org/dist/subversion/subversion-1.9.7.zip.sha512
PGP Signatures are available at:
http://www.apache.org/dist/subversion/subversion-1.9.7.tar.bz2.asc
http://www.apache.org/dist/subversion/subversion-1.9.7.tar.gz.asc
http://www.apache.org/dist/subversion/subversion-1.9.7.zip.asc
For this release, the following people have provided PGP signatures:
Johan Corveleyn [4096R/B59CE6D6010C8AAD] with fingerprint:
8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD
Stefan Sperling [2048R/4F7DBAA99A59B973] with fingerprint:
8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973
Evgeny Kotkov [4096R/B64FFF1209F9FA74] with fingerprint:
E7B2 A7F4 EC28 BE9F F8B3 8BA4 B64F FF12 09F9 FA74
Stefan Hett (CODE SIGNING KEY) [4096R/376A3CFD110B1C95] with fingerprint:
7B8C A7F6 451A D89C 8ADC 077B 376A 3CFD 110B 1C95
Daniel Shahaf [3072R/A5FEEE3AC7937444] with fingerprint:
E966 46BE 08C0 AF0A A0F9 0788 A5FE EE3A C793 7444
Philip Martin [2048R/76D788E1ED1A599C] with fingerprint:
A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
Release notes for the 1.9.x release series may be found at:
http://subversion.apache.org/docs/release-notes/1.9.html
You can find the list of changes between 1.9.7 and earlier versions at:
http://svn.apache.org/repos/asf/subversion/tags/1.9.7/CHANGES
Questions, comments, and bug reports to users@...version.apache.org.
Thanks,
- The Subversion Team
Powered by blists - more mailing lists