This update for subversion to 1.9.7 fixes security issues and bugs.
The following vulnerabilities were fixed:
- CVE-2017-9800: A remote attacker could have caused svn clients to
execute arbitrary code via specially crafted URLs in svn:externals and
svn:sync-from-url properties. (boo#1051362)
- CVE-2005-4900: SHA-1 collisions may cause repository inconsistencies
(boo#1026936)
The following bugfix changes are included:
- Add instructions for running svnserve as a user different from "svn",
and remove sysconfig variables that are no longer effective with the
systemd unit. (boo#1049448)