Debian Security Advisory
DSA-2703-1 subversion -- several vulnerabilities
- Date Reported:
- 09 Jun 2013
- Affected Packages:
- subversion
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 711033.
In Mitre's CVE dictionary: CVE-2013-1968, CVE-2013-2112. - More information:
-
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2013-1968
Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A remote attacker with a malicious client could use this flaw to disrupt the service for other users using that repository.
- CVE-2013-2112
Subversion's svnserve server process may exit when an incoming TCP connection is closed early in the connection process. A remote attacker can cause svnserve to exit and thus deny service to users of the server.
For the oldstable distribution (squeeze), these problems have been fixed in version 1.6.12dfsg-7.
For the stable distribution (wheezy), these problems have been fixed in version 1.6.17dfsg-4+deb7u3.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your subversion packages.
- CVE-2013-1968