From subversion 1.0.3 announce mail: http://subversion.tigris.org/servlets/ReadMsg?list=announce&msgNo=125

Subversion versions up to and including 1.0.2 have a buffer overflow in the date parsing code. Both client and server are vulnerable. The server is vulnerable over both httpd/DAV and svnserve (that is, over http://, https://, svn://, svn+ssh:// and other tunneled svn+*:// methods). Additionally, clients with shared working copies, or permissions that allow files in the administrative area of the working copy to be written by other users, are potentially exploitable.

Reproducible: Always

Steps to Reproduce:

There is a similar issue with up to and including net-misc/neon-0.24.5 (CAN-2004-0398). So, there is also an update for neon (0.24.6), please see http://www.webdav.org/neon/.
*** Bug 51463 has been marked as a duplicate of this bug. ***
pauldv, please bump. thanks.
*** Bug 51491 has been marked as a duplicate of this bug. ***
Reassigning back to security so that we keep track of this one. Still waiting for pauldv's bump.
I'm raising a new bug for this, but FYI, subversion 1.0.4 is now available. 1.0.3 is the security fix. http://subversion.tigris.org/project_status.html AfC Sydney
The new bug number for 1.0.4 is 51572 (http://bugs.gentoo.org/show_bug.cgi?id=51572). But 1.0.4 isn't out yet (planned for tomorrow)!
Apparently 1.0.3 is in CVS. Stable flags are OK -- so it's ready for a GLSA
GLSA Drafted.
GLSA 200405-14.