Univention Bugzilla – Bug 33285
subversion: Multiple issues (3.2)
Last modified: 2015-11-19 16:20:31 CET
+++ This bug was initially created as a clone of Bug #31222 +++
* Various denial of service issues in mod_dav_svn (CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849)
* The --pid-file option of svnserve does not validate whether the PID file is a symlink, allowing denial of service (CVE-2013-4277)
* Denial of service in mod_dav_svn (CVE-2014-0032)
* Cached credentials are only validated based on the MD5 hash (CVE-2014-3528)
* Denial of service in mod_dav_svn (CVE-2014-3580)
* mod_dav_svn and svnserve: Denial of service via crafted parameter combinations (CVE-2015-0248)
* mod_dav_svn: Spoofing of svn:author by remote authenticated users (CVE-2015-0251)
Upstream Debian package version 1.6.12dfsg-7+deb6u3 additionally fixes:
* CVE-2015-3187: The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
These are now classified as minor:
* CVE-2013-4277 (Minor issue, PID file not created by default)
* CVE-2014-3528 (Minor issue)
All other issues above are fixed in the latest upstream package.
1.6.12dfsg-7+deb6u3 was imported and built to scope errata3.2-7.
YAML (r64103): 2015-09-30-subversion.yaml