Gentoo Linux Security Advisory 201610-5 - Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code. Versions less than 1.9.4 are affected.
6fc3d8b062f4dd9dd7a5b8d8121065ad62aa138fd8e27bec35dc5e71fb9cd7e8
Apple Security Advisory 2015-09-16-2 - Xcode 7.0 is now available and addresses traffic inspection, access bypass, and various other vulnerabilities.
7a3af52221713d401a1c4f2c0809a381ca1e1c7cc53f03c7a03efe9fde6277f6
Red Hat Security Advisory 2015-1742-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server to crash.
5598afe1762e5d2f9730eef6f62ee1c4319359beffb6f3ee693c7c00a2399fd6
Ubuntu Security Notice 2721-1 - It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
bf924d06c07de07ad62f90ddaca26ec6d2f16b7478d76f99c2a041bc556bda43
Red Hat Security Advisory 2015-1633-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server to crash.
d091320b57163b4490f94feff3ef41c63366f20353500a6e770c256ec6180c43
Subversion's mod_dav_svn server allows setting arbitrary svn:author property values when committing new revisions. This can be accomplished using a specially crafted sequence of requests. An evil-doer can fake svn:author values on his commits. However, as authorization rules are applied to the evil-doer's true username, forged svn:author values can only happen on commits that touch the paths the evil-doer has write access to.
cab2132d107a1c63a748c32bd67d39e8e9ba004dc0bf449d158f9ba52375ff85
Debian Linux Security Advisory 3231-1 - Several vulnerabilities were discovered in Subversion, a version control system.
b713fc8d250561a0258c3f5d80214cbca484512f312bc325fcdb64bddbe08dba
Mandriva Linux Security Advisory 2015-192 - Multiple vulnerabilities has been discovered and corrected in subversion. Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. Subversion HTTP servers allow spoofing svn:author property values for new revisions. The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws has been fixed.
829bf7383ff71da085f5217b201c2b0b0c211ea29983b39d9bc74aa6de7c36fc