Bug 339517 (CVE-2010-3315) - <dev-vcs/subversion-1.6.13: Possibility of read/write access escalation for authenticated, unauthorized users (CVE-2010-3315)
Summary: <dev-vcs/subversion-1.6.13: Possibility of read/write access escalation for a...
Status: RESOLVED FIXED
Alias: CVE-2010-3315
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High minor
Assignee: Gentoo Security
URL: https://subversion.apache.org/securit...
Whiteboard: C3 [noglsa]
Duplicates: 374621
Reported: 2010-10-02 21:29 UTC by Arfrever Frehtes Taifersar Arahesis (RETIRED)
Modified: 2011-07-11 02:17 UTC
Description Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2010-10-02 21:29:08 UTC
mod_authz_svn of <dev-vcs/subversion-1.6.13, in some configurations using the "SVNPathAuthz short_circuit" directive, might give authenticated, unauthorized users read/write access.
Comment 1 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2010-10-02 21:32:17 UTC
Stabilize dev-vcs/subversion-1.6.13.
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2010-10-03 15:35:50 UTC
amd64 done
Comment 3 Brent Baude (RETIRED) gentoo-dev 2010-10-05 15:16:29 UTC
ppc done
Comment 4 Brent Baude (RETIRED) gentoo-dev 2010-10-05 17:50:35 UTC
ppc64 done
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-10-06 15:28:23 UTC
x86 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2010-10-07 15:45:55 UTC
Stable for HPPA.
Comment 7 Tobias Klausmann gentoo-dev 2010-10-09 13:03:47 UTC
Stable on alpha.
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2010-10-09 16:38:27 UTC
arm/ia64/s390/sh/sparc stable
Comment 9 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-10-10 17:55:02 UTC
GLSA vote: NO.
authz is not default, besides if unauthorized commits are made, they can be reverted just as easily.
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2010-10-10 18:01:42 UTC
GLSA Vote: No, agreed. Closing noglsa.
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2011-07-11 02:17:02 UTC
*** Bug 374621 has been marked as a duplicate of this bug. ***