Your submission was sent successfully! Close

CVE-2019-0203

Published: 31 July 2019

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.

From the Ubuntu security team

Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
subversion
Launchpad, Ubuntu, Debian
bionic
Released (1.9.7-4ubuntu1.1)
disco Ignored
(reached end-of-life)
eoan Not vulnerable
(1.10.6-1)
focal Not vulnerable
(1.10.6-1)
groovy Not vulnerable
(1.10.6-1)
hirsute Not vulnerable
(1.10.6-1)
impish Not vulnerable
(1.10.6-1)
jammy Not vulnerable
(1.10.6-1)
precise
Released (1.6.17dfsg-3ubuntu3.8)
trusty Does not exist

upstream
Released (1.12.2,1.10.6,1.9.12)
xenial
Released (1.9.3-2ubuntu1.3)