subversion

Description: A Modern Concurrent Version Control System
Version: 1.14.3-2 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2750 | 1.14.1-6 | 1.14.2-1 | High | Fixed | |
| AVG-1563 | 1.14.0-4 | 1.14.1-1 | Medium | Fixed | |
| AVG-1016 | 1.12.0-3 | 1.12.2-1 | High | Fixed | |
| AVG-858 | 1.11.0-2 | 1.11.1-1 | High | Fixed | |
| AVG-379 | 1.9.6-1 | 1.9.7-1 | Critical | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2022-24070 | AVG-2750 | High | Yes | Unknown | While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Servers that do not use... |
| CVE-2021-28544 | AVG-2750 | Medium | Unknown | Information disclosure | Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been... |
| CVE-2020-17525 | AVG-1563 | Medium | Yes | Denial of service | Subversion's mod_authz_svn module in version 1.9.0 up to 1.10.6 and 1.11.0 up to 1.14.0 will crash if the server is using in-repository authz rules with the... |
| CVE-2019-0203 | AVG-1016 | High | Yes | Denial of service | A null-pointer-dereference has been found in svnserve that results in a remote unauthenticated Denial-of-Service in some server configurations. The... |
| CVE-2018-11803 | AVG-858 | High | Yes | Denial of service | A denial of service has been found in subversion versions prior to 1.11.1, allowing a malicious SVN client to crash a remote server using mod_dav_svn by... |
| CVE-2018-11782 | AVG-1016 | Medium | Yes | Denial of service | Subversion svn:// connections, including svn+ssh:// and svn+<custom>://, use a custom network protocol [1] with Lisp-like syntax. The code implementing the... |
| CVE-2017-9800 | AVG-379 | Critical | Yes | Arbitrary command execution | A security issue has been found in subversion < 1.9.7. A Subversion client sometimes connects to URLs provided by the repository. This happens in two... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 16 Aug 2019 | ASA-201908-10 | AVG-1016 | High | denial of service |
| 28 Jan 2019 | ASA-201901-17 | AVG-858 | High | denial of service |
| 15 Aug 2017 | ASA-201708-14 | AVG-379 | Critical | arbitrary command execution |