MGASA-2017-0273
- Source
- https://advisories.mageia.org/MGASA-2017-0273.html
- Import Source
- https://advisories.mageia.org/MGASA-2017-0273.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2017-0273
- Related
- Published
- 2017-08-16T21:10:57Z
- Modified
- 2017-08-16T20:52:44Z
- Summary
- Updated subversion packages fix security vulnerability
- Details
-
A Subversion client sometimes connects to URLs provided by the repository. A maliciously constructed svn+ssh:// URL would cause Subversion clients to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server (CVE-2017-9800).
- References
-
- https://advisories.mageia.org/MGASA-2017-0273.html
- https://bugs.mageia.org/show_bug.cgi?id=21495
- https://mail-archives.apache.org/mod_mbox/subversion-announce/201708.mbox/%3C2fefe468-7d41-11e7-aea1-9312c6089150%40apache.org%3E
- http://svn.apache.org/repos/asf/subversion/tags/1.9.7/CHANGES
- http://mail-archives.apache.org/mod_mbox/subversion-announce/201708.mbox/%3C8760dvl2j6.fsf%40codematters.co.uk%3E
- http://svn.apache.org/repos/asf/subversion/tags/1.8.19/CHANGES
- http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / subversion
Package
- Name
- subversion
- Purl
- pkg:rpm/mageia/subversion?distro=mageia-5
Mageia:6 / subversion
Package
- Name
- subversion
- Purl
- pkg:rpm/mageia/subversion?distro=mageia-6