Debian Security Advisory
DLA-136-1 websvn -- LTS security update
- Date Reported:
- 24 Jan 2015
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 775682.
In Mitre's CVE dictionary: CVE-2013-6892.
- More information:
James Clawson discovered that websvn, a web viewer for Subversion repositories, would follow symlinks in a repository when presenting a file for download. An attacker with repository write access could thereby access any file on disk readable by the user the webserver runs as.
For Debian 6
Squeeze, these issues have been fixed in websvn version 2.3.3-1+deb6u1