Bug 24284

Summary: CVE-2010-3315: mod_dav_svn - bypass intended access restrictions via svn commands
Product: Sisyphus
Reporter: Vladimir Lettiev <crux>
Component: subversion
Assignee: Andrey Cherepanov <cas>
Status: CLOSED FIXED
QA Contact: qa-sisyphus
Severity: blocker
Priority: P3
CC: cas, ender, shrek
Version: unstable
Keywords: security
Hardware: all
OS: Linux
URL: http://subversion.apache.org/security/CVE-2010-3315-advisory.txt

Description Vladimir Lettiev 2010-10-13 09:56:58 MSD
Subversion servers up to 1.6.12 (inclusive) making use of the "SVNPathAuthz short_circuit" mod_dav_svn configuration setting have a bug which may allow users to write and/or read portions of the repository to which they are not intended to have access.

Fixed in 1.6.13
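
A configuration audit for the condition described in this report, added here as an illustration (not code from the Subversion project or from this bug tracker): it flags active `SVNPathAuthz short_circuit` directives when the installed version is below 1.6.13. The sample configuration, its paths and the function names are constructed for the example; treating every version below 1.6.13 as affected is an assumption based on the report's "up to 1.6.12 (inclusive)".

```python
import re

FIXED_IN = (1, 6, 13)  # the report states the bug is fixed in 1.6.13

# Constructed sample Apache configuration (not taken from any real server).
SAMPLE_CONF = """\
# constructed sample
<Location /svn/public>
    DAV svn
    SVNPath /srv/svn/public
    SVNPathAuthz on
</Location>
<Location /svn/private>
    DAV svn
    SVNPath /srv/svn/private
    AuthzSVNAccessFile /etc/svn/authz
    # SVNPathAuthz off
    SVNPathAuthz short_circuit
</Location>
"""

def parse_version(text):
    """Turn '1.6.13' or a package version like '1.6.13-alt1' into (1, 6, 13)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def find_short_circuit(conf_text):
    """Return (line_no, enclosing_section) for each active short_circuit directive."""
    hits, stack = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comments
            continue
        if re.match(r"</\s*\w+\s*>", line):       # closing container tag
            if stack:
                stack.pop()
            continue
        opened = re.match(r"<\s*(\w+)\s*(.*?)\s*>$", line)
        if opened:                                # opening container tag
            stack.append(f"{opened.group(1)} {opened.group(2)}".strip())
            continue
        parts = line.split()
        # Name and argument are compared case-insensitively (conservative assumption).
        if (len(parts) >= 2 and parts[0].lower() == "svnpathauthz"
                and parts[1].strip('"').lower() == "short_circuit"):
            hits.append((no, stack[-1] if stack else "(server level)"))
    return hits

def audit(conf_text, version):
    """Findings are reported only when the version predates the fix."""
    return find_short_circuit(conf_text) if parse_version(version) < FIXED_IN else []
```
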
Comment 1 Afanasov Dmitry 2010-10-13 12:55:06 MSD
What, crux is pinning a CVE on me :)
Comment 2 Vladimir Lettiev 2010-10-21 09:00:07 MSD
subversion-1.6.13-alt1 -> sisyphus:

* Tue Oct 19 2010 Afanasov Dmitry <ender@altlinux> 1.6.13-alt1
- updated to 1.6.13 (CVE-2010-3315, closes: #24284)