1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3107-1] subversion security update

    From Florian Weimer@1:229/2 to All on Sat Dec 20 19:30:01 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3107-1 [email protected] http://www.debian.org/security/ Florian Weimer December 20, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : subversion
    CVE ID : CVE-2014-3580
    Debian Bug : 773263

    Evgeny Kotkov discovered a NULL pointer dereference while processing
    REPORT requests in mod_dav_svn, the Subversion component which is used
    to serve repositories with the Apache web server. A remote attacker
    could abuse this vulnerability for a denial of service.

    For the stable distribution (wheezy), this problem has been fixed in
    version 1.6.17dfsg-4+deb7u7.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.8.10-5.

    We recommend that you upgrade your subversion packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (GNU/Linux)

    iQEcBAEBAgAGBQJUlcb3AAoJEL97/wQC1SS+MbYIAKE5phOjZkRQRFmmzGfgpens RpM+I2mBJ1ghvHvd+3CIQsBjtIuzxgih+ekUYQ8YP5dOB1erV4cI3zMbjnv1x4ZC ZxLxDNfPGQ3xmBNwAXT+ohkVturBrqZpvxz/vR4ms77mvOHo4Zm1r/WWHgs19Cnm WgNGXTCz59HXmzFhsrmwWA0Ojr8lBEbr9t4hKeciq4QAdaMjvYoZhi9KaUMJh1K5 4ntIBP/KdaqlCTCb46w1QqG/bJ6lHv89DGX9GbKpM1PNCI6ejyVnU0CmEovDPTLs evr91+DzT3CTTPOvGxeabcrhxun/xeNPdcxdwuayEHzx7OGU1OvhdFW6j/XIecU=
    =3nn5
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From Herb Garcia@1:229/2 to All on Sat Dec 27 11:10:01 2014
    XPost: linux.debian.security
    From: [email protected]

    I can't get this update to upgrade using apt-get on wheezy. I also can't get the wheezy backport version to upgrade. I still have version 1.6.17dfsg-4+deb7u6, although ...deb7u8 apparently is the new current version.

    Herb Garcia P.G.
    President
    Minnesota GeoServices, Inc.
    40 Woodlynn Avenue
    Little Canada, MN 55117
    651-261-2072 cell
    651-644-1571 work
    651-645-7854 fax
    [email protected]
    www.mngeoservices.com

    -----Original Message-----
    From: Florian Weimer [mailto:[email protected]]
    Sent: Saturday, December 20, 2014 12:28 PM
    To: [email protected]
    Subject: [SECURITY] [DSA 3107-1] subversion security update
    Importance: High

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3107-1 [email protected] http://www.debian.org/security/ Florian Weimer December 20, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : subversion
    CVE ID : CVE-2014-3580
    Debian Bug : 773263

    Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial
    of service.

    For the stable distribution (wheezy), this problem has been fixed in version 1.6.17dfsg-4+deb7u7.

    For the unstable distribution (sid), this problem has been fixed in version 1.8.10-5.

    We recommend that you upgrade your subversion packages.

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (GNU/Linux)

    iQEcBAEBAgAGBQJUlcb3AAoJEL97/wQC1SS+MbYIAKE5phOjZkRQRFmmzGfgpens RpM+I2mBJ1ghvHvd+3CIQsBjtIuzxgih+ekUYQ8YP5dOB1erV4cI3zMbjnv1x4ZC ZxLxDNfPGQ3xmBNwAXT+ohkVturBrqZpvxz/vR4ms77mvOHo4Zm1r/WWHgs19Cnm WgNGXTCz59HXmzFhsrmwWA0Ojr8lBEbr9t4hKeciq4QAdaMjvYoZhi9KaUMJh1K5 4ntIBP/KdaqlCTCb46w1QqG/bJ6lHv89DGX9GbKpM1PNCI6ejyVnU0CmEovDPTLs evr91+DzT3CTTPOvGxeabcrhxun/xeNPdcxdwuayEHzx7OGU1OvhdFW6j/XIecU=
    =3nn5
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/E7D7BE6BD583B843AA01931BE33FB773F385B7AFE2@Exchangehost.ad.pcspeed.com

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)