DSA-3932-1 subversion -- subversion| ID: oval:org.secpod.oval:def:603050 | Date: (C)2017-09-05 (M)2023-12-20 |
| Class: PATCH | Family: unix |
Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:externals properties or when using "svnsync sync".
| Platform: |
| Debian 8.x |
| Debian 9.x |
| Product: |
| subversion |
| libsvn-dev |
| ruby-svn |
| libsvn-doc |
| libsvn1 |
| libsvn-perl |
| libapache2-mod-svn |
| python-subversion |
| libsvn-java |
