Bug 24284 - CVE-2010-3315: mod_dav_svn - bypass intended access restrictions via svn commands
Summary: CVE-2010-3315: mod_dav_svn - bypass intended access restrictions via svn comm...
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: subversion (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Andrey Cherepanov
QA Contact: qa-sisyphus
URL: http://subversion.apache.org/security...
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-10-13 09:56 MSD by Vladimir Lettiev
Modified: 2010-10-21 09:00 MSD (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2010-10-13 09:56:58 MSD
Subversion servers up to 1.6.12 (inclusive) making use of the "SVNPathAuthz short_circuit" mod_dav_svn configuration setting have a bug which may allow users to write and/or read portions of the repository to which they are not intended to have access.

Fixed in 1.6.13
Comment 1 Afanasov Dmitry 2010-10-13 12:55:06 MSD
как, crux на меня CVE вешает :)
Comment 2 Vladimir Lettiev 2010-10-21 09:00:07 MSD
subversion-1.6.13-alt1 -> sisyphus:

* Tue Oct 19 2010 Afanasov Dmitry <ender@altlinux> 1.6.13-alt1
- updated to 1.6.13 (CVE-2010-3315, closes: #24284)