Gentoo Linux Security Advisory GLSA 200903-20 - Multiple vulnerabilities in WebSVN allow for file overwrite and information disclosure. James Bercegay of GulfTech Security reported a Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl() function in index.php (CVE-2008-5918) and a directory traversal vulnerability in rss.php when magic_quotes_gpc is disabled (CVE-2008-5919). Versions less than 2.1.0 are affected.
c47bce5b9c11d49a0c300bbe9035b3bf7fc6515d15f7465de99987eca26f9e99
Debian Security Advisory 1725-1 - Bas van Schaik discovered that WebSVN, a tool to view Subversion repositories over the web, did not properly restrict access to private repositories, allowing a remote attacker to read significant parts of their content.
9fdb94fcff413131cc7840f807521f1e3c4020caea8a81f7169b0c9c02610d82