subversion: CVE-2013-4277: local privilege escalation vulnerability via symlink attack

Debian Bug report logs - #721542
subversion: CVE-2013-4277: local privilege escalation vulnerability via symlink attack

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: subversion: CVE-2013-4277: local privilege escalation vulnerability via symlink attack

Date: Sun, 01 Sep 2013 21:34:38 +0200

Package: subversion
Version: 1.6.12dfsg-6
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for subversion.

CVE-2013-4277[0]:
local privilege escalation vulnerability via symlink attack

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4277
    http://security-tracker.debian.org/tracker/CVE-2013-4277
[1] http://subversion.apache.org/security/CVE-2013-4277-advisory.txt

This issue does not warrant a DSA, but could be fixed trough a
(old)stable-proposed-updates, see [2].

[2] http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable

Regards,
Salvatore

Message #20 received at 721542@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <mgilbert@debian.org>

To: 717794@bugs.debian.org, 721542@bugs.debian.org

Subject: Security nmu

Date: Tue, 15 Oct 2013 23:09:33 -0400

[Message part 1 (text/plain, inline)]

control: tag -1 patch
control: tag -1 pending

Hi,

I've uploaded an nmu fixing these two issues to delayed/5.  Please see
attached patch.

Best wishes,
Mike

[subversion.patch (application/octet-stream, attachment)]

Message #25 received at 721542-close@bugs.debian.org (full text, mbox, reply):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>

To: 721542-close@bugs.debian.org

Subject: Bug#721542: fixed in subversion 1.7.9-2

Date: Thu, 17 Oct 2013 00:18:37 +0000

Source: subversion
Source-Version: 1.7.9-2

We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 721542@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated subversion package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 16 Oct 2013 08:37:15 +0000
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-mod-svn libapache2-svn python-subversion subversion-tools libsvn-java libsvn-perl ruby-svn libsvn-ruby1.8 libsvn-ruby
Architecture: source all amd64
Version: 1.7.9-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description: 
 libapache2-mod-svn - Apache Subversion server modules for Apache httpd
 libapache2-svn - Apache Subversion server modules for Apache httpd (dummy package)
 libsvn-dev - Development files for Apache Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Apache Subversion
 libsvn-perl - Perl bindings for Apache Subversion
 libsvn-ruby - Ruby bindings for Apache Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Apache Subversion (dummy package)
 libsvn1    - Shared libraries used by Apache Subversion
 python-subversion - Python bindings for Apache Subversion
 ruby-svn   - Ruby bindings for Apache Subversion
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Apache Subversion
Closes: 717794 721542 721878 726491 726572
Changes: 
 subversion (1.7.9-2) unstable; urgency=high
 .
   * Acknowledge NMUs.
   * New maintainer, but leave Peter Samuelson in as uploader.
   * Add breaks for older svnmailer to python-subversion (closes: #726491).
   * Tighten SQLite3 dependency (closes: #721878, #726572).
   * Update Standards-Version to 3.9.4 .
   * Change source format to 3.0 (quilt), drop quilt build dependency.
 .
   [ Michael Gilbert <mgilbert@debian.org> ]
   * Fix CVE-2013-4131: out-of-bounds read in mod_dav_svn/repos.c
     (closes: #717794).
   * Fix CVE-2013-4277: svnserve does not check if its pid file is a symlink
     (closes: #721542).
 .
   [ James McCoy <jamessan@debian.org> ]
   * Canonicalize the Vcs-* URLs. Thanks, Lintian.
Checksums-Sha1: 
 e1b39ae058afd9c5819adac65305f58145eb38a0 2306 subversion_1.7.9-2.dsc
 b273013c7e744867f1e96a6753d1d81cfc8fcf23 235729 subversion_1.7.9-2.debian.tar.gz
 e879f50bf21bc5a638e61b6f6de0dea7630d3272 1203566 libsvn-doc_1.7.9-2_all.deb
 256c8ca4a9293a437e6fa0b74ce5dffb868173d4 106920 libapache2-svn_1.7.9-2_all.deb
 c22eceb38cf2be07ac89dd104cd8125619c55ffe 253028 subversion-tools_1.7.9-2_all.deb
 dff434d5618883e9dd7b447072bd1e0932b2c0a0 972 libsvn-ruby1.8_1.7.9-2_all.deb
 607ce6a41d1da18d14fa3e48c94e77e14678f41e 966 libsvn-ruby_1.7.9-2_all.deb
 b837001f3b7e8dd2b4f5ed36bea35dcb1da2b7a7 775772 subversion_1.7.9-2_amd64.deb
 0f67e5800bac7c1ff3133e3c0d9f1054fecfffaa 927306 libsvn1_1.7.9-2_amd64.deb
 0e9cfee45d8fa80f6ab9f03cb0822c405d192901 1140278 libsvn-dev_1.7.9-2_amd64.deb
 b58b3e4b157bd8653605965884a6671b7cf93f6d 174280 libapache2-mod-svn_1.7.9-2_amd64.deb
 43f8908d0e591dfb48d115a16c6252468dd5dcdd 579872 python-subversion_1.7.9-2_amd64.deb
 68740ccbe2ad7e357acd1c6e0d0092fd533bfd47 338158 libsvn-java_1.7.9-2_amd64.deb
 b8c48745445d3bd73f5148bc39b846817a6a144b 865326 libsvn-perl_1.7.9-2_amd64.deb
 5ce0a22dcd1af47c7d27d1d69d7b1a6cd6983430 506990 ruby-svn_1.7.9-2_amd64.deb
Checksums-Sha256: 
 6f02c760aff4544d0d621869ca74bec2d7e39434a4bb31910b2c1343f9c5df8d 2306 subversion_1.7.9-2.dsc
 7503de3d659a6fa582099278252b8fe0ec600135ff2d0d42b5c48c3b142a5f46 235729 subversion_1.7.9-2.debian.tar.gz
 b636db6ef1cb796a553451cee7ed9c4b954a7cb557d72f593a79b5f36e896a96 1203566 libsvn-doc_1.7.9-2_all.deb
 b8720b91dc40a6cce84b3f00acb99d6d4bcaa3712c871c3cfce9725fbe2b0b66 106920 libapache2-svn_1.7.9-2_all.deb
 eaf07304eb27922c2ba602d8df1554bcec3b1995f658a5c7eee06ae3d274133b 253028 subversion-tools_1.7.9-2_all.deb
 d046f1e66f0a9c5bda14a5d7f7ca226a6f8b1fc813ff8adaf4d65d2083586198 972 libsvn-ruby1.8_1.7.9-2_all.deb
 2c05351dc473b2064b22a240a94d20c99eee5d78cd16140650a7226161b94233 966 libsvn-ruby_1.7.9-2_all.deb
 57d9dd9d889d2794e8a8fbd3c6b933f29b5d57ee9397dfc6c36c71503315514f 775772 subversion_1.7.9-2_amd64.deb
 a45666330d2bc61f533d4688986972fdae76b180a920d7fed838e60e0122e3c4 927306 libsvn1_1.7.9-2_amd64.deb
 e60a3eacb5bea1d493ec7f2981b4968958a94abe0c52c6826ff568920bf9ca5a 1140278 libsvn-dev_1.7.9-2_amd64.deb
 f883debdee0f511485adef2552b168b217ae41f188fd049bcc6ca21a4e45b450 174280 libapache2-mod-svn_1.7.9-2_amd64.deb
 81cbd75421613521c157546f459668142f828be9072e2529661a936a3b40c18a 579872 python-subversion_1.7.9-2_amd64.deb
 052c3dc56d0498e4af446d9a8529d892b238f9abce0b64584962eb0f52e9226d 338158 libsvn-java_1.7.9-2_amd64.deb
 e8579201870aacf563a28154eb421ab600ca14f9d01930e1a9e2fdd0f2f87d6d 865326 libsvn-perl_1.7.9-2_amd64.deb
 2b08ca4a894b223c7185effe61c31868f2f6a93717a2deb2a764fd199a07c1b8 506990 ruby-svn_1.7.9-2_amd64.deb
Files: 
 71667f885d925839a5b915989aede879 2306 vcs optional subversion_1.7.9-2.dsc
 59171856f6419f46516f53ecce72a3f2 235729 vcs optional subversion_1.7.9-2.debian.tar.gz
 aa33f02767c8a2ccca88d33a8decf878 1203566 doc extra libsvn-doc_1.7.9-2_all.deb
 01e51b393389e02491195b706c8683cc 106920 oldlibs extra libapache2-svn_1.7.9-2_all.deb
 819d2a1516cc38e2db7e701e0c2d40c2 253028 vcs extra subversion-tools_1.7.9-2_all.deb
 6425ce81119e67d65b78da934e03c2c1 972 oldlibs extra libsvn-ruby1.8_1.7.9-2_all.deb
 cec9323cf6dfba94a93c75c114102903 966 oldlibs extra libsvn-ruby_1.7.9-2_all.deb
 541a44e724b2b0a3f78b62655563d797 775772 vcs optional subversion_1.7.9-2_amd64.deb
 bb1a69e230f94daec5c96018d5b53d71 927306 libs optional libsvn1_1.7.9-2_amd64.deb
 5933200004e5924f73cdb35104c05284 1140278 libdevel extra libsvn-dev_1.7.9-2_amd64.deb
 5c1206b7accdb0af18b15cce5c753147 174280 httpd optional libapache2-mod-svn_1.7.9-2_amd64.deb
 e950d338043ae0a3b7c9d496d7e50e22 579872 python optional python-subversion_1.7.9-2_amd64.deb
 240ec3ae7965e9af219ac5df6f654e6c 338158 java optional libsvn-java_1.7.9-2_amd64.deb
 123ef9289beb989a6fb7895fdacdbd6b 865326 perl optional libsvn-perl_1.7.9-2_amd64.deb
 f34a0dc8df618c1499d2f0113a343acd 506990 ruby optional ruby-svn_1.7.9-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJfKJcACgkQMDatjqUaT92JiACgnr5Dn8Nt/5NWdkQvmcY18f25
AbIAn3QrJd0xbU50QEyXKyAyx4weUbdr
=87V+
-----END PGP SIGNATURE-----

Message #30 received at 721542-close@bugs.debian.org (full text, mbox, reply):

From: James McCoy <jamessan@debian.org>

To: 721542-close@bugs.debian.org

Subject: Bug#721542: fixed in subversion 1.7.13-1

Date: Thu, 17 Oct 2013 01:18:50 +0000

Source: subversion
Source-Version: 1.7.13-1

We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 721542@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy <jamessan@debian.org> (supplier of updated subversion package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 16 Oct 2013 20:53:11 -0400
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-mod-svn libapache2-svn python-subversion subversion-tools libsvn-java libsvn-perl ruby-svn libsvn-ruby1.8 libsvn-ruby
Architecture: source all amd64
Version: 1.7.13-1
Distribution: unstable
Urgency: low
Maintainer: Peter Samuelson <peter@p12n.org>
Changed-By: James McCoy <jamessan@debian.org>
Description: 
 libapache2-mod-svn - Apache Subversion server modules for Apache httpd
 libapache2-svn - Apache Subversion server modules for Apache httpd (dummy package)
 libsvn-dev - Development files for Apache Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Apache Subversion
 libsvn-perl - Perl bindings for Apache Subversion
 libsvn-ruby - Ruby bindings for Apache Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Apache Subversion (dummy package)
 libsvn1    - Shared libraries used by Apache Subversion
 python-subversion - Python bindings for Apache Subversion
 ruby-svn   - Ruby bindings for Apache Subversion
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Apache Subversion
Closes: 698270 705033 717794 719476 721542 726491
Changes: 
 subversion (1.7.13-1) unstable; urgency=low
 .
   [ Peter Samuelson ]
   * New upstream version.  (Closes: #719476)
     - patches/CVE-2013-1968.patch, patches/CVE-2013-2112.patch: remove,
       obsoleted
     - Includes security fixes:
       + CVE-2013-4131: Remotely triggered crash in mod_dav_svn (Closes:
         #717794)
       + CVE-2013-4277: Local privilege escalation vulnerability via symlink
         attack (Closes: #721542)
 .
   [ James McCoy ]
   * Add myself to uploaders.
   * Acknowledge NMUs.
   * Canonicalize the Vcs-* URLs.  Thanks, Lintian.
   * Remove Guilherme de S. Pastore from Uploaders. (Closes: #698270)
   * Add Breaks: svnmailer (<< 1.0.9) to python-subversion.  (Closes: #726491)
   * Remove obsolete conffile /etc/emacs/site-start.d/50psvn.el.  (Closes:
     #705033)
Checksums-Sha1: 
 d6b83dda03ee24e8c08357ab733aec5f977cc9b6 2317 subversion_1.7.13-1.dsc
 9fa8d49a18e58403ce5b855e65f748ddd86bba09 8253116 subversion_1.7.13.orig.tar.gz
 119a909d39544d9c7b8ab61f5692577bded22eb6 232078 subversion_1.7.13-1.diff.gz
 a992534785d9ad64f8c7763ec3e8dfd8c1be2694 1208482 libsvn-doc_1.7.13-1_all.deb
 b127a70e9d9538ecd471a09f96ba545214eee3d2 107984 libapache2-svn_1.7.13-1_all.deb
 52acaf44dadd614725508e7aa5de874d52b70f1a 253758 subversion-tools_1.7.13-1_all.deb
 9af824d7368abde530c024fb7698ce06f5807e5f 968 libsvn-ruby1.8_1.7.13-1_all.deb
 c1445ec0a66d02857195d4cd6d1228fe24224491 964 libsvn-ruby_1.7.13-1_all.deb
 b3a04893b9115b79310442dc8da58f293793de57 777814 subversion_1.7.13-1_amd64.deb
 157252fd99a45d7fe4e5ffa575b10e239535bd87 927982 libsvn1_1.7.13-1_amd64.deb
 fc8b11afb9b63acb498fc25afbaecaad43e4a5ab 1140848 libsvn-dev_1.7.13-1_amd64.deb
 86a61f90e626c8276e13e3ca4c34585f79b363af 175434 libapache2-mod-svn_1.7.13-1_amd64.deb
 b9a3253c49dfc3d3450d48388da9e20b6d8ddef7 581174 python-subversion_1.7.13-1_amd64.deb
 6562f186babb88180ac951a10a6e5f4c48c8318a 338938 libsvn-java_1.7.13-1_amd64.deb
 1a966a6e5824f9919e6584d921a3424753be1a47 868608 libsvn-perl_1.7.13-1_amd64.deb
 7851bf2bc27f59c86b0fd5f2e2b93953e755ecbd 507430 ruby-svn_1.7.13-1_amd64.deb
Checksums-Sha256: 
 3ae36c98102fb0557fdab5f7752e37be1d22aeb0831e34a57bd09b38b2125b74 2317 subversion_1.7.13-1.dsc
 ecce69d1c3685e1b5b0f8e9e5b94cb2e7032fffbfaf97c96095393892c5ed152 8253116 subversion_1.7.13.orig.tar.gz
 00c07fc04d8833a3ecafcca38b5a18f219b566e2e556a826825831d4e8b93d87 232078 subversion_1.7.13-1.diff.gz
 c701d8c9a255d1113a3aeef7236350eadc72171d0af9bd1703103a28077b0113 1208482 libsvn-doc_1.7.13-1_all.deb
 15c6239e03540cd2498d042c2b70e87e898dadfcc0c8896e20a640a1092bb3c2 107984 libapache2-svn_1.7.13-1_all.deb
 6eb4a4a313d3f22a9f995362de13f01fc023294e9b2011ae69ea6398684e8c7f 253758 subversion-tools_1.7.13-1_all.deb
 834b8e0c4138f8ce7df80d2c2f7eeda443ab35f0d4ea569ecde3261926429584 968 libsvn-ruby1.8_1.7.13-1_all.deb
 cf117ba1e6a45376221be8e4d9f10ebb5593eb0d224973cf6f6c82552aff2a7a 964 libsvn-ruby_1.7.13-1_all.deb
 c2e13e937f1190ef45f7830d1c6dc5dd2171a63bd594f43d0067254101379380 777814 subversion_1.7.13-1_amd64.deb
 02b813c3bd2a70d1f740670dc4ba509c886dd6eb48599143fa97c8d859079b0e 927982 libsvn1_1.7.13-1_amd64.deb
 f191c29838e474e530a316687b22d55fec57157a126dfb4796d4885313a13c89 1140848 libsvn-dev_1.7.13-1_amd64.deb
 cd90a385050afc36797a9d8dc0d316ed6c56e54353b19c1805127404664c8723 175434 libapache2-mod-svn_1.7.13-1_amd64.deb
 1270ce0672af6195f9f636b82dfb2211b657fde115458f470057a25a56e9bd56 581174 python-subversion_1.7.13-1_amd64.deb
 f935f17972c4179ebd8044d81b9240cee8eb63a7ca67361e18d6050f5622a305 338938 libsvn-java_1.7.13-1_amd64.deb
 5c4964702cbc39d6eb34d22a5243f2b36983d8a2870c9eef045d33b8122ec97f 868608 libsvn-perl_1.7.13-1_amd64.deb
 2a21a8b567775306d67ecf4af0cf263e059abd22965e28e38475162a327b6294 507430 ruby-svn_1.7.13-1_amd64.deb
Files: 
 74ea4d49ab392f5ce9062a0fc5e85cf7 2317 vcs optional subversion_1.7.13-1.dsc
 4a5159ab2569d0d20c4bac957da13f3d 8253116 vcs optional subversion_1.7.13.orig.tar.gz
 c9067fee24786ec4f1fe93c6a3b5ac60 232078 vcs optional subversion_1.7.13-1.diff.gz
 466fcb5245ee5945260150cab2c8f3cb 1208482 doc extra libsvn-doc_1.7.13-1_all.deb
 e3fd18cf74ff07a2ef491b52c394be09 107984 oldlibs extra libapache2-svn_1.7.13-1_all.deb
 e5b41775ab6be8a6b22a8b9e42866a53 253758 vcs extra subversion-tools_1.7.13-1_all.deb
 7582439fdfc39395bf14ceb1fad6310e 968 oldlibs extra libsvn-ruby1.8_1.7.13-1_all.deb
 10fc8b994cc561c160bec0977052459f 964 oldlibs extra libsvn-ruby_1.7.13-1_all.deb
 5a1b87096f5d534268eec94404740f62 777814 vcs optional subversion_1.7.13-1_amd64.deb
 70cb549efc7e4e62ab52ff3f7e3a3949 927982 libs optional libsvn1_1.7.13-1_amd64.deb
 97dfa9310f0140ad4ead3ebddc262c06 1140848 libdevel extra libsvn-dev_1.7.13-1_amd64.deb
 4c152d52c3f136efb0d47e85e73b63c2 175434 httpd optional libapache2-mod-svn_1.7.13-1_amd64.deb
 48e625d40bb00bdf0d7caad6dd967e8f 581174 python optional python-subversion_1.7.13-1_amd64.deb
 5e62241aaeee896bd58e0c799d3cae60 338938 java optional libsvn-java_1.7.13-1_amd64.deb
 848b684305f14d338942aa7a8ba3c681 868608 perl optional libsvn-perl_1.7.13-1_amd64.deb
 1340dc694e616d3d5aa9b71574cdb934 507430 ruby optional ruby-svn_1.7.13-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJfONIACgkQDb3UpmEybUB9FACeOE6pbLqUlnnbz43gC0Sza+Kg
fo0An1KhqmazbJCB2NGVNaF4iibN4upd
=rQaQ
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.