Debian Security Advisory

DSA-2703-1 subversion -- several vulnerabilities

Date Reported:
09 Jun 2013
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 711033.
In Mitre's CVE dictionary: CVE-2013-1968, CVE-2013-2112.
More information:

Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2013-1968

    Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A remote attacker with a malicious client could use this flaw to disrupt the service for other users using that repository.

  • CVE-2013-2112

    Subversion's svnserve server process may exit when an incoming TCP connection is closed early in the connection process. A remote attacker can cause svnserve to exit and thus deny service to users of the server.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.6.12dfsg-7.

For the stable distribution (wheezy), these problems have been fixed in version 1.6.17dfsg-4+deb7u3.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your subversion packages.