Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 374621

Summary: dev-vcs/subversion: access restriction bypass (CVE-2010-3315)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: trivial CC: arfrever
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-07-10 00:28:39 UTC 
CVE-2010-3315 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3315):
  authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed
  in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when
  SVNPathAuthz short_circuit is enabled, does not properly handle a named
  repository as a rule scope, which allows remote authenticated users to
  bypass intended access restrictions via svn commands.


Opened for tracking purposes.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2011-07-10 00:29:46 UTC 
Vote: no!
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-07-11 02:17:02 UTC 

*** This bug has been marked as a duplicate of bug 339517 ***