Univention Bugzilla – Full Text Bug Listing |
Summary: | subversion: Multiple issues (4.0) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Daniel Tröder <troeder> |
Status: | CLOSED FIXED | QA Contact: | Stefan Gohmann <gohmann> |
Severity: | normal | ||
Priority: | P4 | CC: | gohmann, jmm, walkenhorst |
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.0-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: |
Description
Arvid Requate
2015-04-22 18:34:37 CEST
subversion 1.6.17dfsg-4+deb7u10 was imported and build to scope errata4.0-3. YAML (r63394): 2015-09-01-subversion.yaml This release fixes additionally to the two mentioned security bugs: * CVE-2015-3184: UCS-4.0 _not_ affected: mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14 * CVE-2015-3187: UCS-4.0 affected: The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Tests: OK YAML: OK |