Security Advisories (6)
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:192
- http://subversion.apache.org/security/CVE-2015-0248-advisory.txt
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html
- http://rhn.redhat.com/errata/RHSA-2015-1633.html
- https://support.apple.com/HT205217
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.securityfocus.com/bid/74260
- http://rhn.redhat.com/errata/RHSA-2015-1742.html
- http://www.ubuntu.com/usn/USN-2721-1
- http://www.debian.org/security/2015/dsa-3231
- https://security.gentoo.org/glsa/201610-05
- http://www.securitytracker.com/id/1033214
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.
- http://subversion.apache.org/security/CVE-2015-0251-advisory.txt
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:192
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html
- http://rhn.redhat.com/errata/RHSA-2015-1633.html
- https://support.apple.com/HT205217
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.securityfocus.com/bid/74259
- http://rhn.redhat.com/errata/RHSA-2015-1742.html
- http://www.ubuntu.com/usn/USN-2721-1
- http://seclists.org/fulldisclosure/2015/Jun/32
- http://www.debian.org/security/2015/dsa-3231
- https://security.gentoo.org/glsa/201610-05
- http://www.securitytracker.com/id/1033214
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
- https://subversion.apache.org/security/CVE-2017-9800-advisory.txt
- https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63@%3Cannounce.apache.org%3E
- http://www.securitytracker.com/id/1039127
- http://www.securityfocus.com/bid/100259
- https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html
- http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html
- https://security.gentoo.org/glsa/201709-09
- https://support.apple.com/HT208103
- http://www.debian.org/security/2017/dsa-3932
- https://access.redhat.com/errata/RHSA-2017:2480
- http://www.securityfocus.com/archive/1/540999/100/0/threaded
- https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76@%3Ccommits.subversion.apache.org%3E
- https://www.oracle.com/security-alerts/cpuoct2020.html
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
- http://www.securitytracker.com/id/1033215
- http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
- http://www.debian.org/security/2015/dsa-3331
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html
- http://rhn.redhat.com/errata/RHSA-2015-1633.html
- https://support.apple.com/HT206172
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html
- http://www.securityfocus.com/bid/76273
- http://rhn.redhat.com/errata/RHSA-2015-1742.html
- http://www.ubuntu.com/usn/USN-2721-1
- https://security.gentoo.org/glsa/201610-05
Take me over?
No POD found for gnuify-changelog.pl.
Time to read the source?
Module Install Instructions
To install Alien::SVN, copy and paste the appropriate command in to your terminal.
cpanm Alien::SVNperl -MCPAN -e shell
install Alien::SVNFor more information on module installation, please visit the detailed CPAN module installation guide.