subversion: CVE-2013-4505

Related Vulnerabilities: CVE-2013-4505, CVE-2013-4558

Debian Bug report logs - #730541
subversion: CVE-2013-4505

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 26 Nov 2013 11:06:02 UTC

Severity: normal

Tags: pending, security

Fixed in version subversion/1.7.14-1

Done: James McCoy <jamessan@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Peter Samuelson <peter@p12n.org>:
Bug#730541; Package subversion. (Tue, 26 Nov 2013 11:06:06 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Peter Samuelson <peter@p12n.org>. (Tue, 26 Nov 2013 11:06:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: subversion: CVE-2013-4505
Date: Tue, 26 Nov 2013 11:55:37 +0100
Package: subversion
Severity: normal
Tags: security

Please see http://subversion.apache.org/security/CVE-2013-4505-advisory.txt for
details. AFAICS this module isn't built, so this only affects locally built
source packages.

Cheers,
        Moritz



Added tag(s) pending. Request was from jamessan@users.alioth.debian.org to control@bugs.debian.org. (Thu, 05 Dec 2013 04:42:04 GMT)


Reply sent to James McCoy <jamessan@debian.org>:
You have taken responsibility. (Fri, 27 Dec 2013 16:09:17 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Fri, 27 Dec 2013 16:09:17 GMT)


Message #12 received at 730541-close@bugs.debian.org:

From: James McCoy <jamessan@debian.org>
To: 730541-close@bugs.debian.org
Subject: Bug#730541: fixed in subversion 1.7.14-1
Date: Fri, 27 Dec 2013 16:06:18 +0000
Source: subversion
Source-Version: 1.7.14-1

We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 730541@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy <jamessan@debian.org> (supplier of updated subversion package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 27 Dec 2013 10:17:38 -0500
Source: subversion
Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-mod-svn libapache2-svn python-subversion subversion-tools libsvn-java libsvn-perl ruby-svn libsvn-ruby1.8 libsvn-ruby
Architecture: source all amd64
Version: 1.7.14-1
Distribution: unstable
Urgency: medium
Maintainer: Peter Samuelson <peter@p12n.org>
Changed-By: James McCoy <jamessan@debian.org>
Description: 
 libapache2-mod-svn - Apache Subversion server modules for Apache httpd
 libapache2-svn - Apache Subversion server modules for Apache httpd (dummy package)
 libsvn-dev - Development files for Apache Subversion libraries
 libsvn-doc - Developer documentation for libsvn
 libsvn-java - Java bindings for Apache Subversion
 libsvn-perl - Perl bindings for Apache Subversion
 libsvn-ruby - Ruby bindings for Apache Subversion (dummy package)
 libsvn-ruby1.8 - Ruby bindings for Apache Subversion (dummy package)
 libsvn1    - Shared libraries used by Apache Subversion
 python-subversion - Python bindings for Apache Subversion
 ruby-svn   - Ruby bindings for Apache Subversion
 subversion - Advanced version control system
 subversion-tools - Assorted tools related to Apache Subversion
Closes: 677990 711911 728352 730541
Changes: 
 subversion (1.7.14-1) unstable; urgency=medium
 .
   * New upstream version.
     - mod_dav_svn: Prevent crashes with some 3rd party modules.  (Closes:
       #728352)
     - Includes security fix:
       + CVE-2013-4505: mod_dontdothat restrictions bypassed by relative
         requests  (Closes: #730541)
       + CVE-2013-4558: mod_dav_svn assertion when SVNAutoversioning is
         enabled.
   * Bump compat to debhelper 8
   * Use shlibs.local to handle intrapackage dependencies on private libraries.
   * rules: Fix removal of libsvnjavahl-1.a/.la/.so from libsvn-dev.  (Closes:
     #711911)
   * Remove obsolete conffiles under /etc/svn2cl.  (Closes: #677990)

Added tag(s) pending. Request was from jamessan@users.alioth.debian.org to control@bugs.debian.org. (Mon, 30 Dec 2013 05:09:10 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 20 Apr 2014 07:27:43 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:33:36 2019; Machine Name: buxtehude
