Package : subversion
Version : 1.6.12dfsg-7+deb6u2
CVE ID : CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849
CVE-2014-0032 CVE-2015-0248 CVE-2015-0251
Debian Bug : 704940 737815
Several vulnerabilities were discovered in Subversion, a version control
system. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2015-0248
Subversion mod_dav_svn and svnserve were vulnerable to a remotely
triggerable assertion DoS vulnerability for certain requests with
dynamically evaluated revision numbers.
CVE-2015-0251
Subversion HTTP servers allow spoofing svn:author property values for
new revisions via specially crafted v1 HTTP protocol request
sequences.
CVE-2013-1845
Subversion mod_dav_svn was vulnerable to a denial of service attack
through a remotely triggered memory exhaustion.
CVE-2013-1846 / CVE-2013-1847 / CVE-2013-1849 / CVE-2014-0032
Subversion mod_dav_svn was vulnerable to multiple remotely triggered
crashes.
This update has been prepared by James McCoy.
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature