Oval Definition:oval:org.mitre.oval:def:8147
Revision Date:2014-06-23Version:18
Title:DSA-1855 subversion -- heap overflow
Description:Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-2411
DSA-1855
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):subversion
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • subversion-tools is earlier than 1.5.1dfsg1-4
  • OR libsvn-doc is earlier than 1.5.1dfsg1-4
  • OR libsvn-ruby is earlier than 1.5.1dfsg1-4
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • libsvn-dev is earlier than 1.5.1dfsg1-4
  • OR libapache2-svn is earlier than 1.5.1dfsg1-4
  • OR libsvn-ruby1.8 is earlier than 1.5.1dfsg1-4
  • OR python-subversion is earlier than 1.5.1dfsg1-4
  • OR libsvn1 is earlier than 1.5.1dfsg1-4
  • OR subversion is earlier than 1.5.1dfsg1-4
  • OR libsvn-perl is earlier than 1.5.1dfsg1-4
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is i386
  • OR Installed architecture is powerpc
  • OR Installed architecture is sparc
  • OR Installed architecture is armel
  • OR Installed architecture is ia64
  • AND libsvn-java is earlier than 1.5.1dfsg1-4
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • subversion-tools is earlier than 1.4.2dfsg1-3
  • OR libsvn-doc is earlier than 1.4.2dfsg1-3
  • OR libsvn-javahl is earlier than 1.4.2dfsg1-3
  • OR libsvn-ruby is earlier than 1.4.2dfsg1-3
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is powerpc
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is mipsel
  • OR Installed architecture is arm
  • AND Packages section
  • libsvn-dev is earlier than 1.4.2dfsg1-3
  • OR libapache2-svn is earlier than 1.4.2dfsg1-3
  • OR libsvn-ruby1.8 is earlier than 1.4.2dfsg1-3
  • OR python-subversion is earlier than 1.4.2dfsg1-3
  • OR libsvn1 is earlier than 1.4.2dfsg1-3
  • OR subversion is earlier than 1.4.2dfsg1-3
  • OR libsvn-perl is earlier than 1.4.2dfsg1-3
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is i386
  • OR Installed architecture is amd64
  • OR Installed architecture is powerpc
  • AND libsvn-java is earlier than 1.4.2dfsg1-3
    • BACK