[SECURITY] [DLA 207-1] subversion security update

2015-04-24T09:40:22
ID DEBIAN:DLA-207-1:516D0
Type debian
Reporter Debian
Modified 2015-04-24T09:40:22

Description

Package : subversion Version : 1.6.12dfsg-7+deb6u2 CVE ID : CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2014-0032 CVE-2015-0248 CVE-2015-0251 Debian Bug : 704940 737815

Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-0248

Subversion mod_dav_svn and svnserve were vulnerable to a remotely
triggerable assertion DoS vulnerability for certain requests with
dynamically evaluated revision numbers.

CVE-2015-0251

Subversion HTTP servers allow spoofing svn:author property values for
new revisions via specially crafted v1 HTTP protocol request
sequences.

CVE-2013-1845

Subversion mod_dav_svn was vulnerable to a denial of service attack
through a remotely triggered memory exhaustion.

CVE-2013-1846 / CVE-2013-1847 / CVE-2013-1849 / CVE-2014-0032

Subversion mod_dav_svn was vulnerable to multiple remotely triggered
crashes.

This update has been prepared by James McCoy.

-- Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ Attachment: signature.asc Description: Digital signature