Debian Security Advisory

DLA-207-1 subversion -- LTS security update

Date Reported:
24 Apr 2015
Affected Packages:
subversion
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 704940, Bug 737815.
In Mitre's CVE dictionary: CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2014-0032, CVE-2015-0248, CVE-2015-0251.
More information:

Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2015-0248

    Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion failure, resulting in denial of service, for certain requests with dynamically evaluated revision numbers.

  • CVE-2015-0251

    Subversion HTTP servers allow spoofing svn:author property values for new revisions via specially crafted v1 HTTP protocol request sequences.

  • CVE-2013-1845

    Subversion mod_dav_svn was vulnerable to a denial of service attack through remotely triggered memory exhaustion.

  • CVE-2013-1846 / CVE-2013-1847 / CVE-2013-1849 / CVE-2014-0032

    Subversion mod_dav_svn was vulnerable to multiple remotely triggered crashes.

This update has been prepared by James McCoy.