1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2703-1] subversion security update

    From Salvatore Bonaccorso@1:229/2 to All on Sun Jun 9 08:50:01 2013
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2703-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso
    June 09, 2013 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : subversion
    Vulnerability : several
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2013-1968 CVE-2013-2112
    Debian Bug : 711033

    Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

    CVE-2013-1968

    Subversion repositories with the FSFS repository data store format
    can be corrupted by newline characters in filenames. A remote
    attacker with a malicious client could use this flaw to disrupt the
    service for other users using that repository.

    CVE-2013-2112

    Subversion's svnserve server process may exit when an incoming TCP
    connection is closed early in the connection process. A remote
    attacker can cause svnserve to exit and thus deny service to users
    of the server.

    For the oldstable distribution (squeeze), these problems have been fixed in version 1.6.12dfsg-7.

    For the stable distribution (wheezy), these problems have been fixed in
    version 1.6.17dfsg-4+deb7u3.

    For the unstable distribution (sid), these problems will be fixed soon.

    We recommend that you upgrade your subversion packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)

    iQIcBAEBCgAGBQJRtB5GAAoJEHidbwV/2GP+I8UP/RuShUL3wDaLm8YTM2JlKCHy iaed1q3/kecWdYDRVc3JI6tudURQFvn5lrPKC2G62YUTEiZ4DnkOn8T+697XSxwN 6Mwie3+awcuhgOp54JQk+J4GnvV8GCky1uHVLmkzRy8C9dYTxwy2vPp1xo6na9VC 939MLCfqdYte+CHiQBrsVcTVKu91vPfCGaHpAZNNkAUkXzBFD5J24CIafiLyxAwI TeIh+ZNS1mRb90TXc2hYrWj4UIWGEnsi6MHHHrbOWAaZhMdthHhu39kp92mbWzVS JRYlkW/HtmKzLm/raTmMSPoorSmG4k2t6ZrNLSS4wAHunaayMCMyrPS24BoT87lX b+Lbx0VDTqo8rrBUyyClJE6DnHBN+8g7rcn8R8Q20nLVuSbn1uUVmcECvio31vh2 jfm3ATxCDG0W25IjIOxMlfEuah9H5CEWyDi06TOlfEyWe+UCAzzwKQa+fXK1gtwK S7pv0PInYh0YCtkfByUAiyfwGAMTU28LoNXigpAKk+18bdbHGTGBnFPk1rhyJbku UCttBXs3Fg/b7wy2vgb7253X9opQ/tuz85m8CwzVscviBV7PDKPSXJ4FP9+Rba8m 0/0jYdNSEcRvOFPy++PnvNoNG8x9Phl3y9oajOJF1rujN3FdW9jsiGsnXMOQjFSB TKPLcvqvqnW71dcw/pP8
    =Tnvw
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)