[Bug 813913] New: multiple remotely triggerable vulnerabilities in subversion mod_dav_svn may result in denial-of-service
https://bugzilla.novell.com/show_bug.cgi?id=813913 https://bugzilla.novell.com/show_bug.cgi?id=813913#c0 Summary: multiple remotely triggerable vulnerabilities in subversion mod_dav_svn may result in denial-of-service Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0 http://subversion.apache.org/security/ http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3C... http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3C... Apache Subversion 1.7.9 addresses the following security issues: * CVE-2013-1845: mod_dav_svn excessive memory usage from property changes * CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs * CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs * CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs * CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT request Subversion 1.6.21 addresses four security issues: * CVE-2013-1845: mod_dav_svn excessive memory usage from property changes * CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs * CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs * CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs http://subversion.apache.org/security/CVE-2013-1845-advisory.txt http://subversion.apache.org/security/CVE-2013-1846-advisory.txt http://subversion.apache.org/security/CVE-2013-1847-advisory.txt http://subversion.apache.org/security/CVE-2013-1849-advisory.txt http://subversion.apache.org/security/CVE-2013-1884-advisory.txt Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=813913 https://bugzilla.novell.com/show_bug.cgi?id=813913#c Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED AssignedTo|security-team@suse.de |Andreas.Stieger@gmx.de -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=813913 https://bugzilla.novell.com/show_bug.cgi?id=813913#c1 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO CC| |Andreas.Stieger@gmx.de InfoProvider| |security-team@suse.de --- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-04-07 21:37:05 UTC --- Maintenance request: https://build.opensuse.org/request/show/163084 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=813913 https://bugzilla.novell.com/show_bug.cgi?id=813913#c2 --- Comment #2 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-04-08 00:00:08 CEST --- This is an autogenerated message for OBS integration: This bug (813913) was mentioned in https://build.opensuse.org/request/show/163081 Factory / subversion -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com