Debian Security Advisory
DLA-207-1 subversion -- LTS security update
- Date Reported: 24 Apr 2015
- Affected Packages: subversion
- Vulnerable: Yes
- Security database references:
  In the Debian bugtracking system: Bug 704940, Bug 737815.
  In Mitre's CVE dictionary: CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2014-0032, CVE-2015-0248, CVE-2015-0251.
- More information:
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2015-0248
Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion failure, causing a denial of service, for certain requests with dynamically evaluated revision numbers.
- CVE-2015-0251
Subversion HTTP servers allow spoofing svn:author property values for new revisions via specially crafted v1 HTTP protocol request sequences.
- CVE-2013-1845
Subversion mod_dav_svn was vulnerable to a denial of service attack through a remotely triggered memory exhaustion.
- CVE-2013-1846 / CVE-2013-1847 / CVE-2013-1849 / CVE-2014-0032
Subversion mod_dav_svn was vulnerable to multiple remotely triggered crashes.
This update has been prepared by James McCoy.