[SECURITY] [DLA 293-1] subversion security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 293-1] subversion security update
From: Santiago Ruano Rincón <santiagorr@riseup.net>
Date: Sun, 16 Aug 2015 12:24:11 +0200
Message-id: <[🔎] 20150816102411.GA30715@novelo>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : subversion
Version        : 1.6.12dfsg-7+deb6u3
CVE ID         : CVE-2015-3187

C. Michael Pilato, from CollabNet, reported an issue in the version
control system Subversion.

CVE-2015-3187

    Subversion servers revealed some sensible paths hidden by path-based
    authorization. Remote authenticated users were allowed to obtain
    path information by reading the history of a node that has been
    moved from a hidden path. The vulnerability only revealed the path,
    though it didn't reveal its content.

For Debian 6 “Squeeze”, this issue has been fixed in subversion
1.6.12dfsg-7+deb6u3. We recommend to upgrade your subversion packages.

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 291-1] libidn security update
Next by Date: [SECURITY] [DLA 292-1] libstruts1.2-java security update
Previous by thread: [SECURITY] [DLA 291-1] libidn security update
Next by thread: [SECURITY] [DLA 292-1] libstruts1.2-java security update
Index(es):
- Date
- Thread