CVE-2015-3187

Published: 5 August 2015

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.

Priority

Status

Package	Release	Status
subversion Launchpad, Ubuntu, Debian	upstream	Needs triage
	precise	Released (1.6.17dfsg-3ubuntu3.5)
	trusty	Does not exist (trusty was released [1.8.8-1ubuntu3.2])
	vivid	Released (1.8.10-5ubuntu1.1)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
https://ubuntu.com/security/notices/USN-2721-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›