[Secure-testing-team] Bug#721542: subversion: CVE-2013-4277: local privilege escalation vulnerability via symlink attack
Salvatore Bonaccorso
carnil at debian.org
Sun Sep 1 19:34:38 UTC 2013
Package: subversion
Version: 1.6.12dfsg-6
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for subversion.
CVE-2013-4277[0]:
local privilege escalation vulnerability via symlink attack
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4277
http://security-tracker.debian.org/tracker/CVE-2013-4277
[1] http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
This issue does not warrant a DSA, but could be fixed trough a
(old)stable-proposed-updates, see [2].
[2] http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
Regards,
Salvatore
More information about the Secure-testing-team
mailing list