Debian Security Advisory
DSA-2251-1 subversion -- several vulnerabilities
- Date Reported:
- 02 Jun 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-1752, CVE-2011-1783, CVE-2011-1921.
- More information:
Several vulnerabilities were discovered in Subversion, the version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
The mod_dav_svn Apache HTTPD server module can be crashed though when asked to deliver baselined WebDAV resources.
The mod_dav_svn Apache HTTPD server module can trigger a loop which consumes all available memory on the system.
The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.
For the oldstable distribution (lenny), this problem has been fixed in version 1.5.1dfsg1-7.
For the stable distribution (squeeze), this problem has been fixed in version 1.6.12dfsg-6.
For the unstable distribution (sid), this problem has been fixed in version 1.6.17dfsg-1.
We recommend that you upgrade your subversion packages.