Summary
Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service.
Solution
For the stable distribution (wheezy), this problem has been fixed in version 1.6.17dfsg-4+deb7u7.
For the unstable distribution (sid), this problem has been fixed in version 1.8.10-5.
We recommend that you upgrade your subversion packages.
Insight
Subversion, also known as svn, is a version control system much like the Concurrent Versions System (CVS). Version control systems allow many individuals (who may be distributed geographically) to collaborate on a set of files (typically source code). Subversion has all the major features of CVS, plus certain new features that CVS users often wish they had.
Affected
subversion on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-3580
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P