This bug was fixed in the package apr - 1.4.6-1
Sponsored for Blair Zajac (blair)
---------------
apr (1.4.6-1) unstable; urgency=low
* New upstream release:
- Fixes apr_file_trunc() bug which could lead to subversion repository
corruption. Closes: #664451
- Adds randomization to hashes. CVE-2012-0840 (but not known to be
exploitable in httpd or svn). Closes: #655435
* Remove Tollef Fog Heen and Ryan Niebur from uploaders. Thanks for your
work in the past.
-- Stefan Fritsch <s...@debian.org> Sun, 18 Mar 2012 23:22:59 +0100
** Changed in: apr (Ubuntu)
Importance: Undecided => Medium
** Changed in: apr (Ubuntu)
Milestone: None => ubuntu-12.04-beta-2
** Also affects: apr (Ubuntu Precise)
Importance: Medium
Status: New
** Changed in: apr (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-0840
** Also affects: apr (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: apr (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: apr (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: apr (Ubuntu Natty)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apr in Ubuntu.
https://bugs.launchpad.net/bugs/957727
Title:
apr: update to 1.4.6 to fix svn fsfs repository corruption
To manage notifications about this bug go to:
https://bugs.launchpad.net/apr/+bug/957727/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
