[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 207-1] subversion security update

Package        : subversion
Version        : 1.6.12dfsg-7+deb6u2
CVE ID         : CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 
                 CVE-2014-0032 CVE-2015-0248 CVE-2015-0251
Debian Bug     : 704940 737815

Several vulnerabilities were discovered in Subversion, a version control
system. The Common Vulnerabilities and Exposures project identifies the
following problems:


    Subversion mod_dav_svn and svnserve were vulnerable to a remotely
    triggerable assertion DoS vulnerability for certain requests with
    dynamically evaluated revision numbers.


    Subversion HTTP servers allow spoofing svn:author property values for
    new revisions via specially crafted v1 HTTP protocol request


    Subversion mod_dav_svn was vulnerable to a denial of service attack
    through a remotely triggered memory exhaustion.

CVE-2013-1846 / CVE-2013-1847 / CVE-2013-1849 / CVE-2014-0032

    Subversion mod_dav_svn was vulnerable to multiple remotely triggered

This update has been prepared by James McCoy.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Attachment: signature.asc
Description: Digital signature

Reply to: