[Bug 813913] New: multiple remotely triggerable vulnerabilities in subversion mod_dav_svn may result in denial-of-service

https://bugzilla.novell.com/show_bug.cgi?id=813913 https://bugzilla.novell.com/show_bug.cgi?id=813913#c0 Summary: multiple remotely triggerable vulnerabilities in subversion mod_dav_svn may result in denial-of-service Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0 http://subversion.apache.org/security/ http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3C... http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3C... Apache Subversion 1.7.9 addresses the following security issues: * CVE-2013-1845: mod_dav_svn excessive memory usage from property changes * CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs * CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs * CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs * CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT request Subversion 1.6.21 addresses four security issues: * CVE-2013-1845: mod_dav_svn excessive memory usage from property changes * CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs * CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs * CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs http://subversion.apache.org/security/CVE-2013-1845-advisory.txt http://subversion.apache.org/security/CVE-2013-1846-advisory.txt http://subversion.apache.org/security/CVE-2013-1847-advisory.txt http://subversion.apache.org/security/CVE-2013-1849-advisory.txt http://subversion.apache.org/security/CVE-2013-1884-advisory.txt Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.