DSA-3932-1 subversion -- subversionID: oval:org.secpod.oval:def:603050 | Date: (C)2017-09-05 (M)2023-12-20 |
Class: PATCH | Family: unix |
Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:externals properties or when using "svnsync sync".
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
subversion |
libsvn-dev |
ruby-svn |
libsvn-doc |
libsvn1 |
libsvn-perl |
libapache2-mod-svn |
python-subversion |
libsvn-java |