FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

subversion -- multiple vulnerabilities

Affected packages
1.7.0 <= subversion17 < 1.7.22_1
1.8.0 <= subversion18 < 1.8.15
1.9.0 <= subversion < 1.9.3
1.7.0 <= mod_dav_svn < 1.7.22_1
1.8.0 <= mod_dav_svn < 1.8.15
1.9.0 <= mod_dav_svn < 1.9.3

Details

VuXML ID: daadef86-a366-11e5-8b40-20cf30e32f6d
Discovery: 2015-11-14
Entry: 2015-12-15

Subversion Project reports:

Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser.

Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies.

References

CVE Name: CVE-2015-5259
CVE Name: CVE-2015-5343
URL: http://subversion.apache.org/security/CVE-2015-5259-advisory.txt
URL: http://subversion.apache.org/security/CVE-2015-5343-advisory.txt