[SECURITY] [DLA 1052-1] subversion security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1052-1] subversion security update
From: Chris Lamb <lamby@debian.org>
Date: Fri, 11 Aug 2017 08:56:07 -0400
Message-id: <[🔎] 1502456167.3240854.1070333424.4FDAEAD1@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : subversion
Version        : 1.6.17dfsg-4+deb7u12
CVE ID         : CVE-2017-9800

It was discovered that there was a arbitrary code execution
vulnerability in the subversion revision control system via
malicious "svn+ssh" URLs in "svn:externals" and
"svn:sync-from-url".

For Debian 7 "Wheezy", this issue has been fixed in subversion
version 1.6.17dfsg-4+deb7u12.

We recommend that you upgrade your subversion packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmNqVsACgkQHpU+J9Qx
HljyrhAAu3+Nhoym6Phh77DWaMyuxclnFIKbZ3bGPubwoFIZeAC4l4ksA7qURR7K
SB6Rgi+T16/l61x7qxQdqbGj2i4JY/20/f1cvXmyUjkKmPl50gNv+Mofk8st+cnB
QiXRO2PRio6Ng/kHBg9b0iqiBTY5sT80Opd57igaekM2VobGuodyFIj1G/9RcKqP
SMhwyeZdAW2t1N9FsFSlT/7D7CQL81zRSx5ddRs26LfRxcdmHqM/G1EelVDIGYzD
byG8z1aOTBkeD2lM/oLgBlYY+Xxv7szyotmy1HMZXDN/UibIfJzcfrdLouXEeuWP
iYMUf/duRZO6FoLHD4a8YAoP90fOEAaNJnjIM63fNAxC6xZwC8sSt8HEB98DAGAP
ZFgi7yUHJMltMdoZZqXdo/hUqR3YnbnFmQc4tKNeZ/Yfkc0I6tx0lIDY9Z0PJYzJ
bSB05oiMAbto/J9hVjrCxYTKhWtzemjK6IdhX8Se9KcY6ovmkfV+SKvQC+fPUs9/
QvY9MF5sakeSezhREoJ4NjTM0qa+hpis+4fF5d1VxJ44T1by82KJJYzvDt+T80cI
DweryTpqeP6ULFSJYqG1Rl955HXmREqoTXtE/aNzTVKKR050bTq5qp4IXZ1KoI9i
HiTFzDirtsOhYEsR3SjPQT4z5Qsw0taTR2RdBLds8hIvKuClIiU=
=dST2
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1051-1] postgresql-9.1 security update
Next by Date: [SECURITY] [DLA 1053-1] firefox-esr security update
Previous by thread: [SECURITY] [DLA 1051-1] postgresql-9.1 security update
Next by thread: [SECURITY] [DLA 1053-1] firefox-esr security update
Index(es):
- Date
- Thread