Debian Security Advisory
DSA-2703-1 subversion -- several vulnerabilities
- Date Reported:
- 09 Jun 2013
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 711033.
In Mitre's CVE dictionary: CVE-2013-1968, CVE-2013-2112.
- More information:
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A remote attacker with a malicious client could use this flaw to disrupt the service for other users using that repository.
Subversion's svnserve server process may exit when an incoming TCP connection is closed early in the connection process. A remote attacker can cause svnserve to exit and thus deny service to users of the server.
For the oldstable distribution (squeeze), these problems have been fixed in version 1.6.12dfsg-7.
For the stable distribution (wheezy), these problems have been fixed in version 1.6.17dfsg-4+deb7u3.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your subversion packages.