Your submission was sent successfully! Close

CVE-2010-3315

Published: 04 October 2010

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.

Priority

Medium

Status

Package Release Status
subversion
Launchpad, Ubuntu, Debian
Upstream
Released (1.5.8,1.6.13,1.6.12dfsg-2)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1000060
Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
mdeslaur
looks like this was introduced here:
http://svn.apache.org/viewvc?view=revision&revision=865065
code in dapper and hardy doesn't look affected
karmic+ binary is in universe, so adding appropriate tag.

References

Bugs