Subversion team reports:
Subversion's mod_dav_svn Apache HTTPD server module will
dereference a NULL pointer if asked to deliver baselined WebDAV
resources.
This can lead to a DoS. An exploit has been tested, and tools
or users have been observed triggering this problem in the
wild.
Subversion's mod_dav_svn Apache HTTPD server module may in
certain scenarios enter a logic loop which does not exit and
which allocates memory in each iteration, ultimately exhausting
all the available memory on the server.
This can lead to a DoS. There are no known instances of this
problem being observed in the wild, but an exploit has been
tested.
Subversion's mod_dav_svn Apache HTTPD server module may leak to
remote users the file contents of files configured to be
unreadable by those users.
There are no known instances of this problem being observed in
the wild, but an exploit has been tested.