Lucene search

K
osvGoogleOSV:DLA-207-1
HistoryApr 24, 2015 - 12:00 a.m.

subversion - security update

2015-04-2400:00:00
Google
osv.dev
26

EPSS

0.1

Percentile

95.0%

Several vulnerabilities were discovered in Subversion, a version control
system. The Common Vulnerabilities and Exposures project identifies the
following problems:

  • CVE-2015-0248
    Subversion mod_dav_svn and svnserve were vulnerable to a remotely
    triggerable assertion DoS vulnerability for certain requests with
    dynamically evaluated revision numbers.
  • CVE-2015-0251
    Subversion HTTP servers allow spoofing svn:author property values for
    new revisions via specially crafted v1 HTTP protocol request
    sequences.
  • CVE-2013-1845
    Subversion mod_dav_svn was vulnerable to a denial of service attack
    through a remotely triggered memory exhaustion.
  • CVE-2013-1846 / CVE-2013-1847 / CVE-2013-1849 / CVE-2014-0032
    Subversion mod_dav_svn was vulnerable to multiple remotely triggered
    crashes.

This update has been prepared by James McCoy.