subversion: restriction bypass
| Package(s): | subversion |
CVE #(s): | CVE-2010-3315
|
| Created: | October 11, 2010 |
Updated: | February 16, 2011 |
| Description: |
From the Debian advisory:
Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn
module of subversion, a version control system, is not properly enforcing
access rules which are scope-limited to named repositories. If the
SVNPathAuthz option is set to "short_circuit" set this may enable an
unprivileged attacker to bypass intended access restrictions and disclose
or modify repository content.
|
| Alerts: |
| openSUSE |
openSUSE-SU-2013:1869-1 |
subversion |
2013-12-13 |
| Red Hat |
RHSA-2011:0258-01 |
subversion |
2011-02-15 |
| Ubuntu |
USN-1053-1 |
subversion |
2011-02-01 |
| SUSE |
SUSE-SR:2010:024 |
clamav, subversion, python, krb5, otrs, moonlight, OpenOffice_org, kdenetwork4, zope, xpdf, gnutls, and opera |
2010-12-23 |
| openSUSE |
openSUSE-SU-2010:1042-1 |
subversion |
2010-12-10 |
| Fedora |
FEDORA-2010-16115 |
subversion |
2010-10-11 |
| Fedora |
FEDORA-2010-16136 |
subversion |
2010-10-11 |
| Mandriva |
MDVSA-2010:199 |
subversion |
2010-10-12 |
| Debian |
DSA-2118-1 |
subversion |
2010-10-08 |
|
