Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
osvdb.org/56856
secunia.com/advisories/36184
secunia.com/advisories/36224
secunia.com/advisories/36232
secunia.com/advisories/36257
secunia.com/advisories/36262
subversion.tigris.org/security/CVE-2009-2411-advisory.txt
support.apple.com/kb/HT3937
svn.collab.net/repos/svn/tags/1.5.7/CHANGES
svn.collab.net/repos/svn/tags/1.6.4/CHANGES
svn.haxx.se/dev/archive-2009-08/0107.shtml
svn.haxx.se/dev/archive-2009-08/0108.shtml
svn.haxx.se/dev/archive-2009-08/0110.shtml
www.debian.org/security/2009/dsa-1855
www.mandriva.com/security/advisories?name=MDVSA-2009:199
www.redhat.com/support/errata/RHSA-2009-1203.html
www.securityfocus.com/bid/35983
www.securitytracker.com/id?1022697
www.ubuntu.com/usn/usn-812-1
www.vupen.com/english/advisories/2009/2180
www.vupen.com/english/advisories/2009/3184
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html