Univention Bugzilla – Bug 38323
subversion: Multiple issues (4.0)
Last modified: 2015-09-09 15:17:33 CEST
Fixed upstream in 1.6.17dfsg-4+deb7u9: * mod_dav_svn and svnserve: Denial of service via crafted parameter combinations (CVE-2015-0248) * mod_dav_svn: Spoofing of svn:author by remote authenticated users (CVE-2015-0251)
subversion 1.6.17dfsg-4+deb7u10 was imported and build to scope errata4.0-3. YAML (r63394): 2015-09-01-subversion.yaml This release fixes additionally to the two mentioned security bugs: * CVE-2015-3184: UCS-4.0 _not_ affected: mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14 * CVE-2015-3187: UCS-4.0 affected: The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
Tests: OK YAML: OK
<http://errata.software-univention.de/ucs/4.0/312.html>