FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

subversion -- DoS vulnerabilities

Affected packages
1.5.0 <= mod_dav_svn < 1.7.20
1.8.0 <= mod_dav_svn < 1.8.13
1.0.0 <= subversion16 < 1.7.20
1.0.0 <= subversion17 < 1.7.20
1.0.0 <= subversion < 1.7.20
1.8.0 <= subversion < 1.8.13

Details

VuXML ID 8e887b71-d769-11e4-b1c2-20cf30e32f6d
Discovery 2015-03-31
Entry 2015-03-31

Subversion Project reports:

Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests.

Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers.

Subversion HTTP servers allow spoofing svn:author property values for new revisions.

References

CVE Name CVE-2015-0202
CVE Name CVE-2015-0248
CVE Name CVE-2015-0251
URL http://subversion.apache.org/security/
URL http://subversion.apache.org/security/CVE-2015-0202-advisory.txt
URL http://subversion.apache.org/security/CVE-2015-0248-advisory.txt
URL http://subversion.apache.org/security/CVE-2015-0251-advisory.txt