[Triage-desktop] [Bug 6511] subversion security vulnerabilities (CVE-2015-5343)

bugzilla-daemon bugzilla-daemon at rosalab.ru
Tue Dec 29 07:06:48 MSK 2015


http://bugs.rosalinux.ru/show_bug.cgi?id=6511

Zombie Ryushu <zombie_ryushu at yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://advisories.mageia.o
                   |                            |rg/MGASA-2015-0490.html
                 CC|                            |denis.silakov at rosalab.ru
          Component|-Enter Bugs Here-           |Main Packages
           Assignee|triage-desktop at lists.rosala |bugs at lists.rosalab.ru
                   |b.ru                        |
            Summary|subversion packages fix     |subversion security
                   |security vulnerabilities    |vulnerabilities
                   |                            |(CVE-2015-5343)
         QA Contact|triage-desktop at lists.rosala |bugs at lists.rosalab.ru
                   |b.ru                        |

--- Comment #1 from Zombie Ryushu <zombie_ryushu at yahoo.com> ---

Subversion's httpd servers are vulnerable to a remotely triggerable heap-based
buffer overflow and out-of-bounds read caused by an integer overflow when
parsing skel-encoded request bodies (CVE-2015-5343).

This allows remote attackers with write access to a repository to cause a
denial of service or possibly execute arbitrary code under the context of the
httpd process.  32-bit server versions are vulnerable to both the
denial-of-service attack and possible arbitrary code execution.  64-bit server
versions are only vulnerable to the denial-of-service attack.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rosalab.ru/pipermail/triage-desktop/attachments/20151229/ae07e4d4/attachment.html>


More information about the Triage-desktop mailing list