Univention Bugzilla – Full Text Bug Listing |
Summary: | subversion: Multiple issues (3.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
Component: | Security updates | Assignee: | Daniel Tröder <troeder> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P3 | CC: | gohmann, jmm, requate, walkenhorst |
Version: | UCS 3.2 | Flags: | requate:
Patch_Available+
|
Target Milestone: | UCS 3.2-7-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Moritz Muehlenhoff
2013-11-12 11:24:25 CET
Denial of service in mod_dav_svn (CVE-2014-0032) Credentials cached are only validated based on the MD5 hash (CVE-2014-3528) Denial of service in mod_dav_svn (CVE-2014-3580) * mod_dav_svn and svnserve: Denial of service via crafted parameter combinations (CVE-2015-0248) * mod_dav_svn: Spoofing of svn:author by remote authenticated users (CVE-2015-0251) Upstream Debian package version 1.6.12dfsg-7+deb6u3 additionally fixes * CVE-2015-3187: The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. These are now classified as minor: * CVE-2013-4277 (Minor issue, PID file not created by default) * CVE-2014-3528 (Minor issue) All other issues above are fixed in the latest upstream package. 1.6.12dfsg-7+deb6u3 was imported and built to scope errata3.2-7. YAML (r64103): 2015-09-30-subversion.yaml Tests: OK Advisory: OK |