Mandriva Linux Security Advisory 2015-192 - Multiple vulnerabilities has been discovered and corrected in subversion. Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. Subversion HTTP servers allow spoofing svn:author property values for new revisions. The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws has been fixed. Continue reading...
