
Debian Subversion vulnerabilities

53 known vulnerabilities affecting debian/subversion.

Total CVEs: 53
CISA KEV: 0
Public exploits: 4
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 10, MEDIUM 22, LOW 19

Vulnerabilities

Page 3 of 3
CVE-2011-1783 | MEDIUM | CVSS 4.3 | fixed in subversion 1.6.17dfsg-1 (bookworm) | 2011
CVE-2011-1783 [MEDIUM]: subversion - The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
Scope: local bookworm: resolved (fixed in 1.6.17d
CVE-2011-1752 | MEDIUM | CVSS 5.0 | Exploited | fixed in subversion 1.6.17dfsg-1 (bookworm) | 2011
CVE-2011-1752 [MEDIUM]: subversion - The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
Scope: local bookworm: resolved (fixed in 1.6.17dfsg-1) bullseye: resolved (fixed
CVE-2011-1921 | MEDIUM | CVSS 4.3 | fixed in subversion 1.6.17dfsg-1 (bookworm) | 2011
CVE-2011-1921 [MEDIUM]: subversion - The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
Scope
CVE-2010-3315 | LOW | CVSS 6.0 | fixed in subversion 1.6.12dfsg-2 (bookworm) | 2010
CVE-2010-3315 [MEDIUM]: subversion - authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
Scope: local bookworm
CVE-2010-4539 | LOW | CVSS 6.8 | fixed in subversion 1.6.12dfsg-4 (bookworm) | 2010
CVE-2010-4539 [MEDIUM]: subversion - The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
Scope: local bookworm: resolved (fixed in 1.6.12dfsg-4) b
CVE-2010-4644 | LOW | CVSS 3.5 | fixed in subversion 1.6.12dfsg-3 (bookworm) | 2010
CVE-2010-4644 [LOW]: subversion - Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
Scope: local bookworm: resolved (fixed in 1.6.12dfsg-3) bullseye: resolved (fixed in 1.6.12dfsg-3) forky: resolved (fixed in 1.6.12dfsg-3) sid: resolved (fix
CVE-2009-2411 | HIGH | CVSS 8.5 | fixed in subversion 1.6.4dfsg-1 (bookworm) | 2009
CVE-2009-2411 [HIGH]: subversion - Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
Scope: local bookworm: resolved (fixed in 1.6.4dfsg-1
CVE-2007-2448 | LOW | CVSS 2.1 | fixed in subversion 1.4.4dfsg1-1 (bookworm) | 2007
CVE-2007-2448 [LOW]: subversion - Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
Scope: local bookworm: resolved (fixed in 1.4.4dfsg1-1) bullseye: res
CVE-2006-1564 | LOW | CVSS 4.6 | fixed in subversion 1.3.0-5 (bookworm) | 2006
CVE-2006-1564 [MEDIUM]: subversion - Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
Scope: local bookworm: resolved (fixed in 1.3.0-5) bul
CVE-2004-0413 | CRITICAL | CVSS 10.0 | fixed in subversion 1.0.5-1 (bookworm) | 2004
CVE-2004-0413 [CRITICAL]: subversion - libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
Scope: local bookworm: resolved (fixed in 1.0.5-1)
CVE-2004-0397 | HIGH | CVSS 7.5 | PoC | fixed in subversion 1.0.3-1 (bookworm) | 2004
CVE-2004-0397 [HIGH]: subversion - Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
Scope: local bookworm: resolved (fixed in 1.0.3-1) bullseye: resolved (fixed in 1.0.3-1) forky: resolved (fixed in 1.0.3-1) sid: resolved (fixed in
CVE-2004-0749 | MEDIUM | CVSS 5.0 | fixed in subversion 1.0.9-2 (bookworm) | 2004
CVE-2004-0749 [MEDIUM]: subversion - The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
Scope: local bookworm: resolved (fixed in 1.0.9-2) bullseye: resolved (fixed
CVE-2004-1438 | LOW | CVSS 2.1 | fixed in subversion 1.0.6-1 (bookworm) | 2004
CVE-2004-1438 [LOW]: subversion - The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
Scope: local bookworm: resolved (fixed in 1.0.6-1) bullseye: resolved (fixed in 1.0.6-1) forky: resolved (fixed in 1.0.6-1) sid: resolved (fixed in 1.0.6-1)