Bug 51462 - dev-util/subversion: Subversion versions up to and including 1.0.2 have a buffer overflow in
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors
Hardware: All All
Importance: Highest blocker
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Duplicates: 51463 51491
Reported: 2004-05-19 08:54 UTC by Jani Averbach
Modified: 2004-05-20 11:38 UTC
condordes: Assigned_To? (condordes)


Description Jani Averbach 2004-05-19 08:54:28 UTC
From subversion 1.0.3 announce mail:
http://subversion.tigris.org/servlets/ReadMsg?list=announce&msgNo=125


Subversion versions up to and including 1.0.2 have a buffer overflow in
the date parsing code.

Both client and server are vulnerable.  The server is vulnerable over
both httpd/DAV and svnserve (that is, over http://, https://, svn://,
svn+ssh:// and other tunneled svn+*:// methods).

Additionally, clients with shared working copies, or permissions that
allow files in the administrative area of the working copy to be
written by other users, are potentially exploitable.


Reproducible: Always
Steps to Reproduce:

There is a similar issue with up to and including net-misc/neon-0.24.5
(CAN-2004-0398).
So, there is also an update for neon (0.24.6), please see http://www.webdav.org/neon/.
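
Added example (not part of the original report and not a Gentoo tool): a triage check that flags installed atoms older than the fixed versions named above, subversion 1.0.3 and neon 0.24.6. The atom regex, the sample listing and the function names are assumptions made for illustration; version parsing is simplified to dotted numeric versions.

```python
import re

# Fixed versions as stated in this bug report.
FIXED = {"dev-util/subversion": (1, 0, 3), "net-misc/neon": (0, 24, 6)}

# category/name-version[-rN]; simplified to dotted numeric versions (assumption).
ATOM = re.compile(r"^([\w+.-]+/[\w+.-]+?)-(\d+(?:\.\d+)*)(?:-r\d+)?$")

# Constructed sample of installed packages, one atom per line.
SAMPLE = """\
dev-util/subversion-1.0.2-r1
net-misc/neon-0.24.5
net-misc/neon-0.24.6
app-editors/vim-6.2
dev-util/subversion-1.0.3_rc1
"""

def is_vulnerable(atom):
    """True/False for a tracked package, None for an untracked one."""
    m = ATOM.match(atom.strip())
    if not m:
        raise ValueError("unrecognised atom: %r" % atom)
    fixed = FIXED.get(m.group(1))
    if fixed is None:
        return None
    version = tuple(int(part) for part in m.group(2).split("."))
    # Assumption: a -rN revision never carries a backported fix.
    return version < fixed

def triage(text):
    """Split a listing into vulnerable atoms and tracked atoms needing manual review."""
    report = {"vulnerable": [], "review": []}
    for line in text.split():
        try:
            if is_vulnerable(line):
                report["vulnerable"].append(line)
        except ValueError:
            # Suffixes such as _rc1 are not ordered here; never pass them silently.
            if any(line.startswith(cp + "-") for cp in FIXED):
                report["review"].append(line)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```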
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-05-19 09:00:22 UTC
*** Bug 51463 has been marked as a duplicate of this bug. ***
Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2004-05-19 12:39:16 UTC
pauldv, please bump. thanks.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2004-05-19 13:58:17 UTC
*** Bug 51491 has been marked as a duplicate of this bug. ***
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-05-19 14:00:28 UTC
Reassigning back to security so that we keep track of this one. Still waiting for pauldv's bump.
Comment 5 Andrew Cowie 2004-05-20 08:51:04 UTC
I'm raising a new bug for this, but FYI, subversion 1.0.4 is now available. 1.0.3 is the security fix.

http://subversion.tigris.org/project_status.html

AfC
Sydney
Comment 6 Jani Averbach 2004-05-20 09:21:21 UTC
The new bug number for 1.0.4 is 51572 http://bugs.gentoo.org/show_bug.cgi?id=51572,

But, 1.0.4 isn't out yet (planned for tomorrow)!
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2004-05-20 10:04:11 UTC
Apparently 1.0.3 is in CVS. Stable flags are OK -- so it's ready for a GLSA
Comment 8 Joshua J. Berry (CondorDes) (RETIRED) gentoo-dev 2004-05-20 11:00:52 UTC
GLSA Drafted.
Comment 9 Joshua J. Berry (CondorDes) (RETIRED) gentoo-dev 2004-05-20 11:38:29 UTC
GLSA 200405-14.