DSA-3932-1 subversion -- subversion
|ID: oval:org.secpod.oval:def:603050||Date: (C)2017-09-05 (M)2018-01-05|
|Class: PATCH||Family: unix|
Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:externals properties or when using "svnsync sync".