Lieven Govaerts discovered that the Subversion moddavsvn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0032)
Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3522)
Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server. (CVE-2014-3528)
{ "availability": "No subscription required", "binaries": [ { "libsvn-java": "1.8.8-1ubuntu3.1", "libsvn-perl": "1.8.8-1ubuntu3.1", "libsvn1": "1.8.8-1ubuntu3.1", "subversion": "1.8.8-1ubuntu3.1", "subversion-dbg": "1.8.8-1ubuntu3.1", "ruby-svn": "1.8.8-1ubuntu3.1", "python-subversion": "1.8.8-1ubuntu3.1", "subversion-tools": "1.8.8-1ubuntu3.1", "libsvn-ruby1.8": "1.8.8-1ubuntu3.1", "libapache2-svn": "1.8.8-1ubuntu3.1", "libapache2-mod-svn": "1.8.8-1ubuntu3.1", "libsvn-doc": "1.8.8-1ubuntu3.1", "libsvn-dev": "1.8.8-1ubuntu3.1", "python-subversion-dbg": "1.8.8-1ubuntu3.1" } ] }