Debian Long Term Support / LTS Security Information / 2014 / Security Information -- DLA-119-1 subversion

Debian Security Advisory

DLA-119-1 subversion -- LTS security update

Date Reported:

21 Dec 2014

Affected Packages:

subversion

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 773263.
In Mitre's CVE dictionary: CVE-2014-3580.

More information:

Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service.

We recommend that you upgrade your subversion packages.

For Debian 6 Squeeze, these issues have been fixed in subversion version 1.6.12dfsg-7+deb6u1