FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Subversion -- multiple vulnerabilities

Affected packages
1.7.0 <= subversion < 1.7.9
1.6.0 <= subversion < 1.6.21

Details

VuXML ID b6beb137-9dc0-11e2-882f-20cf30e32f6d
Discovery 2013-04-05
Entry 2013-04-05

Subversion team reports:

Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node.

Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs.

Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL.

Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs.

Subversion's mod_dav_svn Apache HTTPD server module will crash when a log REPORT request receives a limit that is out of the allowed range.

References

CVE Name CVE-2013-1845
CVE Name CVE-2013-1846
CVE Name CVE-2013-1847
CVE Name CVE-2013-1849
CVE Name CVE-2013-1884