/[advisories]/21495.adv
ViewVC logotype

Contents of /21495.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 6007 - (show annotations) (download)
Wed Aug 16 20:52:44 2017 UTC (6 years, 7 months ago) by neoclust
File size: 1134 byte(s)
MGASA-2017-0273: subversion-1.9.7-1.mga6, subversion-1.8.19-1.mga5
1 type: security
2 subject: Updated subversion packages fix security vulnerability
3 CVE:
4 - CVE-2017-9800
5 src:
6 5:
7 core:
8 - subversion-1.8.19-1.mga5
9 6:
10 core:
11 - subversion-1.9.7-1.mga6
12 description: |
13 A Subversion client sometimes connects to URLs provided by the
14 repository. A maliciously constructed svn+ssh:// URL would cause
15 Subversion clients to run an arbitrary shell command. Such a URL could
16 be generated by a malicious server, by a malicious user committing to an
17 honest server (to attack another user of that server's repositories), or
18 by a proxy server (CVE-2017-9800).
19 references:
20 - https://bugs.mageia.org/show_bug.cgi?id=21495
21 - https://mail-archives.apache.org/mod_mbox/subversion-announce/201708.mbox/%3C2fefe468-7d41-11e7-aea1-9312c6089150%40apache.org%3E
22 - http://svn.apache.org/repos/asf/subversion/tags/1.9.7/CHANGES
23 - http://mail-archives.apache.org/mod_mbox/subversion-announce/201708.mbox/%3C8760dvl2j6.fsf%40codematters.co.uk%3E
24 - http://svn.apache.org/repos/asf/subversion/tags/1.8.19/CHANGES
25 - http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
26 ID: MGASA-2017-0273

  ViewVC Help
Powered by ViewVC 1.1.30