Parent Directory | Revision Log
MGASA-2017-0273: subversion-1.9.7-1.mga6, subversion-1.8.19-1.mga5
1 | type: security |
2 | subject: Updated subversion packages fix security vulnerability |
3 | CVE: |
4 | - CVE-2017-9800 |
5 | src: |
6 | 5: |
7 | core: |
8 | - subversion-1.8.19-1.mga5 |
9 | 6: |
10 | core: |
11 | - subversion-1.9.7-1.mga6 |
12 | description: | |
13 | A Subversion client sometimes connects to URLs provided by the |
14 | repository. A maliciously constructed svn+ssh:// URL would cause |
15 | Subversion clients to run an arbitrary shell command. Such a URL could |
16 | be generated by a malicious server, by a malicious user committing to an |
17 | honest server (to attack another user of that server's repositories), or |
18 | by a proxy server (CVE-2017-9800). |
19 | references: |
20 | - https://bugs.mageia.org/show_bug.cgi?id=21495 |
21 | - https://mail-archives.apache.org/mod_mbox/subversion-announce/201708.mbox/%3C2fefe468-7d41-11e7-aea1-9312c6089150%40apache.org%3E |
22 | - http://svn.apache.org/repos/asf/subversion/tags/1.9.7/CHANGES |
23 | - http://mail-archives.apache.org/mod_mbox/subversion-announce/201708.mbox/%3C8760dvl2j6.fsf%40codematters.co.uk%3E |
24 | - http://svn.apache.org/repos/asf/subversion/tags/1.8.19/CHANGES |
25 | - http://subversion.apache.org/security/CVE-2017-9800-advisory.txt |
26 | ID: MGASA-2017-0273 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |