Debian Security Advisory
DLA-119-1 subversion -- LTS security update
- Date Reported:
- 21 Dec 2014
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 773263.
In Mitre's CVE dictionary: CVE-2014-3580.
- More information:
Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service.
We recommend that you upgrade your subversion packages.
For Debian 6
Squeeze, these issues have been fixed in subversion version 1.6.12dfsg-7+deb6u1