Bug 21097

Summary: CVE-2009-2411: subversion heap overflow
Product: Sisyphus
Reporter: Dmitry V. Levin <ldv>
Component: subversion
Assignee: Andrey Cherepanov <cas>
Status: CLOSED FIXED
QA Contact: qa-sisyphus
Severity: blocker
Priority: P3
CC: cas, ender, shrek
Version: unstable
Keywords: security
Hardware: all
OS: Linux
URL: http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt

Description Dmitry V. Levin 2009-08-17 17:46:08 MSD
Subversion performs insufficient input validation of svndiff streams.
Malicious servers could cause heap overflows in clients, and malicious
clients with commit access could cause heap overflows in servers,
possibly leading to arbitrary code execution in both cases.

Upstream released a new version to fix the problem.

Comment 1 Repository Robot 2009-08-19 04:25:48 MSD
subversion-1.6.4-alt1 -> sisyphus:

* Tue Aug 18 2009 Dmitry V. Levin <ldv@altlinux> 1.6.4-alt1

- Updated to 1.6.4 (CVE-2009-2411; closes: #21097).

Comment 2 Afanasov Dmitry 2009-08-20 14:24:23 MSD
Thanks, I was abruptly sent off on a business trip and have only just gotten to my email.