Debian Security Advisory

DLA-119-1 subversion -- LTS security update

Date Reported:
21 Dec 2014
Affected Packages:
subversion
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 773263.
In Mitre's CVE dictionary: CVE-2014-3580.
More information:

Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service.

We recommend that you upgrade your subversion packages.

For Debian 6 Squeeze, these issues have been fixed in subversion version 1.6.12dfsg-7+deb6u1