Bug 24284 - CVE-2010-3315: mod_dav_svn - bypass intended access restrictions via svn commands
: CVE-2010-3315: mod_dav_svn - bypass intended access restrictions via svn comm...
Status: CLOSED FIXED
: Sisyphus
(All bugs in Sisyphus/subversion)
: unstable
: all Linux
: P3 blocker
Assigned To:
:
: http://subversion.apache.org/security...
: security
:
:
  Show dependency tree
 
Reported: 2010-10-13 09:56 by
Modified: 2010-10-21 09:00 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2010-10-13 09:56:58
Subversion servers up to 1.6.12 (inclusive) making use of the "SVNPathAuthz
short_circuit" mod_dav_svn configuration setting have a bug which may allow
users to write and/or read portions of the repository to which they are not
intended to have access.

Fixed in 1.6.13
------- Comment #1 From 2010-10-13 12:55:06 -------
как, crux на меня CVE вешает :)
------- Comment #2 From 2010-10-21 09:00:07 -------
subversion-1.6.13-alt1 -> sisyphus:

* Tue Oct 19 2010 Afanasov Dmitry <ender@altlinux> 1.6.13-alt1
- updated to 1.6.13 (CVE-2010-3315, closes: #24284)