[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 136-1] websvn security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : websvn
Version        : 2.3.3-1+deb6u1
CVE ID         : CVE-2013-6892
Debian Bug     : 775682

James Clawson discovered that websvn, a web viewer for Subversion
repositories, would follow symlinks in a repository when presenting a
file for download. An attacker with repository write access could
thereby access any file on disk readable by the user the webserver
runs as.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJUw+/EAAoJEFb2GnlAHawE+Y8H/R7fX0rZ1r3sYLoUPchntpnl
eyzeMPjNMazrZ6oBJ3P2h6xQZ7NmBVzF/Z3UZ8sV8HJ8QDoosUFkydpPLpt61o1M
mTrCMdeLBEeqr6CWeclw9bjOt1vmLGEML8wNamHqbZXa20O1iqD+CBA0japk48BU
mxBa0ZK4LwUsreuUcQ08Or5i6cEKGX+/TiOWF8jN6DgVwBpLTFeaZeQ+R7GjPeNn
ZtAVk9oOf31BpivFPSOe0v8HVtUviFUdBjiZbzTLiwzr54N+TMiE/1fXpRxs3rJL
bLQ85mkYI7avRU1QXXEegqX90gNW+l/4qCpQOX9fhrJgcDTU7rBowTAxKtt6ROU=
=o6L+
-----END PGP SIGNATURE-----
Reply to: