Debian Security Advisory
DLA-119-1 subversion -- LTS security update
- Date Reported:
- 21 Dec 2014
- Affected Packages:
- subversion
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 773263.
In Mitre's CVE dictionary: CVE-2014-3580. - More information:
-
Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service.
We recommend that you upgrade your subversion packages.
For Debian 6
Squeeze
, these issues have been fixed in subversion version 1.6.12dfsg-7+deb6u1