Overview

File _patchinfo of Package patchinfo.548

<patchinfo incident="548">
  <issue id="923793" tracker="bnc">VUL-0: CVE-2015-0202: subversion: mod_dav_svn with FSFS repositories remotely triggerable excessive memory use with certain REPORT requests</issue>
  <issue id="923794" tracker="bnc">VUL-0: CVE-2015-0248: subversion: mod_dav_svn and svnserve remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers</issue>
  <issue id="923795" tracker="bnc">VUL-0: CVE-2015-0251: subversion: spoofing of svn:author property values for new revisions</issue>
  <issue id="CVE-2015-0202" tracker="cve" />
  <issue id="CVE-2015-0248" tracker="cve" />
  <issue id="CVE-2015-0251" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>scarabeus_iv</packager>
  <description>Apache Subversion was updated to fix three vulnerabilities.

The following vulnerabilities were fixed:

* Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202) 
* Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248)
* Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795 CVE-2015-0251)
</description>
  <summary>Security update for subversion</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places