[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 293-1] subversion security update

Package        : subversion
Version        : 1.6.12dfsg-7+deb6u3
CVE ID         : CVE-2015-3187

C. Michael Pilato, from CollabNet, reported an issue in the version
control system Subversion.


    Subversion servers revealed some sensible paths hidden by path-based
    authorization. Remote authenticated users were allowed to obtain
    path information by reading the history of a node that has been
    moved from a hidden path. The vulnerability only revealed the path,
    though it didn't reveal its content.

For Debian 6 “Squeeze”, this issue has been fixed in subversion
1.6.12dfsg-7+deb6u3. We recommend to upgrade your subversion packages.

Attachment: signature.asc
Description: Digital signature

Reply to: