The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
http://secunia.com/advisories/59432
http://secunia.com/advisories/59584
http://secunia.com/advisories/60100
http://secunia.com/advisories/60722
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/69237
http://www.ubuntu.com/usn/USN-2316-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/95090
https://exchange.xforce.ibmcloud.com/vulnerabilities/95311
https://security.gentoo.org/glsa/201610-05
https://subversion.apache.org/security/CVE-2014-3522-advisory.txt