Debian Security Advisory

DLA-136-1 websvn -- LTS security update

Date Reported:
24 Jan 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 775682.
In Mitre's CVE dictionary: CVE-2013-6892.
More information:

James Clawson discovered that websvn, a web viewer for Subversion repositories, would follow symlinks in a repository when presenting a file for download. An attacker with repository write access could thereby access any file on disk readable by the user the webserver runs as.

For Debian 6 Squeeze, these issues have been fixed in websvn version 2.3.3-1+deb6u1