Debian Security Advisory
DSA-3231-1 subversion -- security update
- Date Reported:
- 21 Apr 2015
- Affected Packages:
- subversion
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-0248, CVE-2015-0251.
- More information:
-
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2015-0248
Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers.
- CVE-2015-0251
Subversion HTTP servers allow spoofing svn:author property values for new revisions via specially crafted v1 HTTP protocol request sequences.
For the stable distribution (wheezy), these problems have been fixed in version 1.6.17dfsg-4+deb7u9.
For the upcoming stable distribution (jessie), these problems have been fixed in version 1.8.10-6.
For the unstable distribution (sid), these problems have been fixed in version 1.8.10-6.
We recommend that you upgrade your subversion packages.
- CVE-2015-0248